Open Privacy Scan

Snapshot: commit 9b2e72a
Engine: v2
Scan time: 2026-07-03T16:15:38.518138+00:00

No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

Incomplete scan — only 108/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

82/100
Low privacy risk

Low risk · 1794 finding(s)

Dependency score: 37 (High risk)

Score Breakdown

egress −15
env_fs −3

Scan Summary

2 high, 0 medium, 1792 low
First-party packages: 19
Dependency packages: 44
Ecosystem: npm

Application data flows

No application data flows were found. See dependency data flows below.

Dependency data flows (2)

high wrangler dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/templates/startDevWorker/InspectorProxyWorker.ts:293
pkgs/npm/[email protected]/templates/startDevWorker/InspectorProxyWorker.ts:306

high wrangler dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/wrangler-dist/InspectorProxyWorker.js:215
pkgs/npm/[email protected]/wrangler-dist/InspectorProxyWorker.js:223

First-Party Code

first-party (npm)

npm first-party
780 low-confidence finding(s)
low env_fs production #e9725a9cb197451f Environment-variable access.
repo/.github/scripts/create-git-tag.mjs:10
  const repoInput = process.env.INPUT_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1bd7d69670775a5 Environment-variable access.
repo/.github/scripts/create-git-tag.mjs:25
  const tagName = process.env.TAG_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8773931f068b35a Environment-variable access.
repo/.github/scripts/create-git-tag.mjs:31
  const commitSha = process.env.COMMIT_SHA

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a4d8703b5639aaa Environment-variable access.
repo/.github/scripts/create-git-tag.mjs:37
  const messageEnv = process.env.TAG_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75af532b17c35972 Environment-variable access.
repo/.github/workflows/scripts/auto-close-github-discussions.js:5
const repoInfo = process.env.GITHUB_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7af63795677715f Environment-variable access.
repo/.github/workflows/scripts/auto-close-github-discussions.js:16
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871053164447bb7d Environment-variable access.
repo/.github/workflows/scripts/auto-close-github-discussions.js:22
  const closingMessage = process.env.CLOSING_MESSAGE || 'Closing discussion due to inactivity.'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbd0887876cf2309 Filesystem access.
repo/.github/workflows/scripts/detect-jobs-to-run.js:4
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61ed1fee6690be99 Environment-variable access.
repo/.github/workflows/scripts/detect-jobs-to-run.js:53
  if (typeof process.env.GITHUB_OUTPUT == 'string' && process.env.GITHUB_OUTPUT.length > 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91964ba1850acda2 Environment-variable access.
repo/.github/workflows/scripts/detect-jobs-to-run.js:54
    fs.appendFileSync(process.env.GITHUB_OUTPUT, `jobs=${jobsToRun.join()}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9af58da41d3d664d Filesystem access.
repo/eslint-local-rules/valid-exported-types-index.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a434bc6c475ab21 Filesystem access.
repo/helpers/compile/build.ts:4
import { writeFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #124669952742f18a Environment-variable access.
repo/helpers/compile/build.ts:117
  if (process.env.WATCH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #133cb20bf5de4f17 Filesystem access.
repo/helpers/compile/build.ts:128
    writeFileSync(metafilePath, JSON.stringify(build.metafile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc72a0e343195b46 Environment-variable access.
repo/helpers/compile/build.ts:158
  if (process.env.WATCH !== 'true') return context

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bba29c8c7156a442 Environment-variable access.
repo/helpers/compile/build.ts:226
  if (!process.env.IGNORE_EXTERNALS && options.bundle === true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bf382c9240918d8 Filesystem access.
repo/helpers/compile/plugins/copyFilePlugin.ts:2
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff1e6a85b14c360a Environment-variable access.
repo/helpers/compile/plugins/onErrorPlugin.ts:12
        if (process.env.WATCH !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3b6d2ce1ba77215 Filesystem access.
repo/helpers/compile/plugins/replaceWithPlugin.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faea27e567af9cca Filesystem access.
repo/helpers/compile/plugins/replaceWithPlugin.ts:33
        const contents = await fs.promises.readFile(args.path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3082a3630a2e132 Environment-variable access.
repo/helpers/compile/plugins/tscPlugin.ts:76
      if (process.env.WATCH !== 'true' && process.env.DEV !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d4c3e1536aa4c2 Environment-variable access.
repo/helpers/compile/plugins/tscPlugin.ts:96
        if (process.env.WATCH !== 'true' && process.env.DEV !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01cbef64e9be7b7c Filesystem access.
repo/helpers/compile/plugins/tscPlugin.ts:100
          const dtsContents = await fs.readFile(`${bundlePath}.d.ts`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7765f9cf508f9af1 Filesystem access.
repo/packages/cli/helpers/build.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e402bca0fd3f0242 Environment-variable access.
repo/packages/cli/helpers/build.ts:153
const optionalPlugins = process.env.DEV === 'true' ? [] : [cliTypesBuildConfig, cliConfigBuildConfig]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2dd47f27ef8da7 Environment-variable access.
repo/packages/cli/jest.setup.js:11
  process.env['JITI_ALIAS'] = JSON.stringify({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fe69bf3d81d0ef9 Environment-variable access.
repo/packages/cli/jest.setup.js:18
  delete process.env['JITI_ALIAS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4197781df36416f1 Environment-variable access.
repo/packages/cli/src/DebugInfo.ts:66
      const value = process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ae4c5e695106605 Filesystem access.
repo/packages/cli/src/Format.ts:106
      await fs.writeFile(filename, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c6007dfd2f9a981 Filesystem access.
repo/packages/cli/src/Generate.ts:23
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #511ba84b4b2857d9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/Init.ts:467
              await fetch(`https://prisma-generate-server.prisma.workers.dev/`, {
                method: 'POST',
                headers: {
                  'Content-Type': 'application/json',
                },
                body: JSON.stringify({
                  description: prompt,
                }),
              })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3449d9c7d811f268 Filesystem access.
repo/packages/cli/src/Init.ts:656
      const envFile = fs.readFileSync(envPath, { encoding: 'utf8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab2e996b4cac30d Environment-variable access.
repo/packages/cli/src/Studio.ts:320
        const browser = args['--browser'] || process.env.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcaa2003e7b9ae56 Filesystem access.
repo/packages/cli/src/Studio.ts:644
      return await readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d1aaf016c90e7bf Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:3
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b1a56b275edc660 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:15
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7a5043853eed922 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:19
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f8591aa7a5f3599 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:22
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d954b5952bde9637 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:48
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #accca50a83c15ad1 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:56
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed6699d2f6dfe110 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:68
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e361409e07d7dc9 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:96
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07cc883b65c02d2d Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:104
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924846bf12423f2c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:116
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85f161bbb39def8f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:144
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c309f5112414676 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:152
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b8c63ed7b61f44e Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:164
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4517c4bf5b70124 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:179
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b28208de1c2eb6ca Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:187
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d645f96a5fca6400 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:199
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14fcaa72d61620ba Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:209
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7f3edb0c1ad29c0 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:217
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15b69e93f8a4058c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:229
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c745164551b7e52 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:239
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de3c02df38c36162 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:247
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56ca05546eb7d28b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:259
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e44732e608029def Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:271
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60ca2818190cdbdd Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:279
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f340b6d6ac9caf5f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:291
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7456a20b1eb3d2c6 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:301
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #981ef034a7004d2d Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:309
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66e64c69e5891b5c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:321
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d9442c161de4009 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:336
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0eee5f33601bce1f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:340
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4f96309ef744dfb Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:352
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cb0e2dae7c380d4 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:356
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c91826dda5cc90f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:368
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df3160a323a06779 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:372
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f26d429d89d74829 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:387
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4ef72a0819d4cbe7 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:395
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42c2e06aa5fde206 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:405
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d638f11a737cc16 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:413
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82f50e13ebcd2bce Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:425
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c1dd5223a0a02b6 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:433
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e248c23000be46af Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:443
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21062a5ab3416e3b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:451
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d800f3c80d2fed6 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:457
  fs.writeFileSync(join(ctx.tmpDir, '.env'), `DATABASE_URL="postgres://dont:overwrite@me:5432/tests"`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dc6e05fafa5403a Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:461
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f60a66b599be42e0 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:465
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5674782e9edcde70 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:468
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16677c972b6cbcc3 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:474
  fs.writeFileSync(join(ctx.tmpDir, '.env'), `SOMETHING="is here"`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4da44a7620ff429f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:478
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d7eb9c126ff3008 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:482
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac6c15c7d9416182 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:486
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee60673f96d3b20c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:494
  const gitignore = fs.readFileSync(join(ctx.tmpDir, '.gitignore'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #512e8e69080cd40b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:497
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a30695a24fdfb94f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:505
  fs.writeFileSync(gitignorePath, `# This should not be overridden`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f4194abc5223601 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:506
  fs.readFileSync(gitignorePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c279b8daea4f4bdc Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:508
  const gitignoreAfter = fs.readFileSync(gitignorePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fe7624346a4ec56b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:511
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31887d677fe353a4 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:519
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #810afebb22bd5528 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:522
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9da7a583b9e6c35 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:15
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c645c7aeb2613881 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:21
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a7e84ca61f58915 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:23
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2368e3b0bdc897e9 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:44
    process.env.FORCE_PANIC_SCHEMA_ENGINE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8dce02430afc98f6 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:74
    process.env.FORCE_PANIC_PRISMA_SCHEMA = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea09a8a55a77275c Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:100
    process.env.FORCE_PANIC_GET_CONFIG = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93a1f7d020582657 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:126
    process.env.FORCE_PANIC_GET_DMMF = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1dbe2ff994b6e351 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:144
    process.env.FORCE_PANIC_GET_DMMF = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7074159b85e902e Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:170
    process.env.FORCE_PANIC_GET_DMMF = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #58ca28508ca8a289 Filesystem access.
repo/packages/cli/src/__tests__/commandState.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6430993facbe91a Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:18
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4e49f9443aecf04 Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:24
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2609c208615be2ce Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:26
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0248b5bcc869c76d Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:70
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d2e0e701cebced2 Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:82
    Object.keys(envVars).map((key) => delete process.env[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91d9bb7b5decd8df Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:86
    process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d28a4fc9b107213 Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:160
    process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #236c66ad18064ff7 Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:19
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae48f52b9cc98edc Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:25
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #574ee45039b0712b Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:27
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8abe0ee50c42240b Filesystem access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:265
    expect(fs.readFileSync('schema.prisma', { encoding: 'utf-8' })).toMatchSnapshot()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34590297a72aa31f Filesystem access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:271
    expect(fs.readFileSync('missing-backrelation.prisma', { encoding: 'utf-8' })).toMatchSnapshot()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d60151aa9770ed4e Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:312
    process.env.PRISMA_DISABLE_WARNINGS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cef66e9d766946bb Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:18
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c27617ad8c2da8cc Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:24
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee590d15515f67b Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:26
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b099d075273d32af Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:292
    process.env.PRISMA_DISABLE_WARNINGS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92c86e5013cba504 Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:7
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d36e79213bbf91ba Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:63
      fs.writeFileSync('script.sql', dbExecuteSQLScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3acacd91eaa1c86 Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:140
      fs.writeFileSync('script.sql', dbExecuteSQLScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73aabb6a2dd0c7ff Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:241
      fs.writeFileSync('script.sql', dbExecuteSQLScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cd1c9472f3c433e Filesystem access.
repo/packages/cli/src/__tests__/nps.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41861adb38979e47 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:20
        delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab28d913930e01a1 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:26
        delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21666fb0a26b01ae Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:28
        process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26ebd72ef40e4e80 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:40
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc34ba88447d4ba9 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:65
    process.env.CI = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #868768fad78b8fd3 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:134
    process.env.KUBERNETES_SERVICE_HOST = '10.96.0.1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3a9db928a96767f Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:155
    process.env.GIT_EXEC_PATH = '/nix/store/9z3jhc0rlj3zaw8nd1zka9vli6w0q11g-git-2.47.2/libexec/git-core'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e51d2d884a0bc631 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:176
    process.env.npm_command = 'install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e172a8c3a37ee8c Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:177
    process.env.npm_lifecycle_event = 'prepare'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbf139c09d11aaaa Environment-variable access.
repo/packages/cli/src/__tests__/printUpdateMessage.test.ts:32
  originalPrismaHideUpdateMessageEnv = process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cecd7a1e6394056a Environment-variable access.
repo/packages/cli/src/__tests__/printUpdateMessage.test.ts:33
  delete process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96c23017fe5d75fb Environment-variable access.
repo/packages/cli/src/__tests__/printUpdateMessage.test.ts:38
  process.env.PRISMA_HIDE_UPDATE_MESSAGE = originalPrismaHideUpdateMessageEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c23062e5ac5d74bb Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:11
    originalPrismaHideUpdateMessageEnv = process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9742af2b1750dbf3 Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:12
    delete process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #324cfb2e138b9283 Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:16
    process.env.PRISMA_HIDE_UPDATE_MESSAGE = originalPrismaHideUpdateMessageEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8db2ae1f84c7de8e Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:144
    process.env.PRISMA_HIDE_UPDATE_MESSAGE = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #936a1f40f50344ff Filesystem access.
repo/packages/cli/src/bootstrap/Bootstrap.ts:288
          const envContent = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #183ebbbc1979ace5 Environment-variable access.
repo/packages/cli/src/bootstrap/Bootstrap.ts:294
        process.env.DATABASE_URL = databaseUrl

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #757deb62a0dbbdd3 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:160
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5190d62b973c9f90 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:206
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc61b90b1cf60938 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:234
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5aff1810a76236df Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:266
    fs.writeFileSync(path.join(prismaDir, 'schema.prisma'), 'datasource db { provider = "postgresql" }', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #888788a888db3738 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:293
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db { provider = "postgresql" }
model User { id Int @id }
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b03c1be70bab8796 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:324
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd206618287db46c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:327
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40525b9d1c77b536 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:363
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89315cb5c4bdb1e4 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:366
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e3a03c9833b057a Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:396
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c287bce35c091811 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:399
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7eb10a91fa07bd28 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:430
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bad8f8f505d76cae Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:437
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0596f6f10e268a8 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:464
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ec9a9f2e69bd119 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:471
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05c9ecd7492ff8f7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:503
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d05f5224a5b3ecd1 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:510
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5ac4e177f63b34b Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:542
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f30f1a94b7b2fe8 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:549
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40857d6f3e83e0d1 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:582
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cdbe8546ce8d5638 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:32
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0941505f894fdeb Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:41
    fs.writeFileSync(path.join(prismaDir, 'schema.prisma'), `datasource db { provider = "postgresql" }`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fb633cf24300fd0 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:49
    fs.writeFileSync(path.join(tmpDir, 'schema.prisma'), `datasource db { provider = "postgresql" }`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71a8f5a057dc6d04 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:58
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db {
  provider = "postgresql"
  url = env("DATABASE_URL")
}

model User {
  id   Int    @id @default(autoincrement())
  name String
}
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #568206fa4c95e07a Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:79
    fs.writeFileSync(path.join(tmpDir, 'prisma.config.ts'), 'export default {}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3c17f0ba3e34559c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:86
    fs.writeFileSync(path.join(tmpDir, '.env'), 'DATABASE_URL=test', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e96e125a0c2a24f Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:93
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      JSON.stringify({ prisma: { seed: 'ts-node prisma/seed.ts' } }),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23ab8e35bea5772c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:104
    fs.writeFileSync(path.join(tmpDir, 'package.json'), JSON.stringify({ prisma: { seed: '' } }), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e328c5b22b46af7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:111
    fs.writeFileSync(path.join(tmpDir, 'package.json'), JSON.stringify({ name: 'test' }), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24864a8321e7a653 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:118
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `import { defineConfig } from 'prisma/config'\nexport default defineConfig({ migrations: { seed: 'tsx ./prisma/seed.ts' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7f5941af186e29c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:129
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({\n  migrations: {\n    seed: "npx tsx prisma/seed.ts",\n  },\n})`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f409c55f1af3cf5 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:140
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({ migrations: { path: 'prisma/migrations' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1709b76c359807e5 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:159
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db { provider = "postgresql" }

model User {
  id   Int    @id
  name String
  posts Post[]
}

model Post {
  id     Int    @id
  title  String
  author User   @relation(fields: [authorId], references: [id])
  authorId Int
}
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28c599681d3c2226 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:186
    fs.writeFileSync(path.join(prismaDir, 'schema.prisma'), `datasource db { provider = "postgresql" }`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b134695bafe63c1 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:198
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      JSON.stringify({ prisma: { seed: 'ts-node prisma/seed.ts' } }),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #636d0740a8ab787b Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:208
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({ migrations: { seed: 'npx tsx prisma/seed.ts' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #43627efe43fd6717 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:218
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      JSON.stringify({ prisma: { seed: 'ts-node prisma/seed.ts' } }),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e44a3121fb84413a Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:223
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({ migrations: { seed: 'npx tsx prisma/seed.ts' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8542cb17544b48c7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:36
    fs.writeFileSync(path.join(tmpDir, 'pnpm-lock.yaml'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f7132d0f4ce95cc Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:41
    fs.writeFileSync(path.join(tmpDir, 'yarn.lock'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a02954340930f48 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:50
    fs.writeFileSync(path.join(tmpDir, 'pnpm-lock.yaml'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc594ec68b23fdea Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:51
    fs.writeFileSync(path.join(tmpDir, 'yarn.lock'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbbbc638390de47b Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:56
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99cce3fe91bc7d83 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:61
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2fa07ef4a6c8265 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:66
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9aee6e2df0c0a82 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:71
    fs.writeFileSync(path.join(tmpDir, 'yarn.lock'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e829fd715d629c7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:72
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99516ebaf5c4338e Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:34
    const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #053688643e14e6f6 Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:48
    const content = fs.readFileSync(configPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24ca963f5fdd6678 Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:59
    const content = fs.readFileSync(schemaPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d62fc3376f995a Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:71
      const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be78bbff555db74a Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:81
      const content = fs.readFileSync(configPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93e6d747aadb645e Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:97
      const content = fs.readFileSync(schemaPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd0ca91cbcfcafa7 Environment-variable access.
repo/packages/cli/src/bootstrap/telemetry.ts:6
  return Boolean(process.env.CHECKPOINT_DISABLE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ba547000b2966552 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/bootstrap/template-scaffold.ts:54
  const response = await fetch(PRISMA_EXAMPLES_TARBALL_URL, {
    headers: { Accept: 'application/vnd.github+json', 'User-Agent': 'prisma-cli' },
    redirect: 'follow',
    signal: AbortSignal.timeout(120_000),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a98db50d28c57bfe Filesystem access.
repo/packages/cli/src/bootstrap/template-scaffold.ts:82
        fs.writeFileSync(destPath, tarBuffer.subarray(offset, offset + header.size))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba8930e5c34b603 Filesystem access.
repo/packages/cli/src/bootstrap/template-scaffold.ts:161
      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ae4d2d059281e98 Filesystem access.
repo/packages/cli/src/generate/introspectSql.ts:4
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #387767d71e55d844 Filesystem access.
repo/packages/cli/src/generate/introspectSql.ts:39
    const source = await fs.readFile(path.join(typedSqlDirPath, fileName), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1210aba064312201 Filesystem access.
repo/packages/cli/src/init/file-writer.ts:17
    fs.writeFileSync(absPath, content, options)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58f0696425137aa3 Environment-variable access.
repo/packages/cli/src/postgres/link/Link.ts:43
  return process.env.PRISMA_MANAGEMENT_API_URL ?? DEFAULT_MANAGEMENT_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b8f47bb0037cd0 Environment-variable access.
repo/packages/cli/src/postgres/link/Link.ts:182
    const apiKey = explicitApiKey ?? (databaseId ? process.env.PRISMA_API_KEY : undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4cb12ed319d2dad Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:119
    const envContent = fs.readFileSync(path.join(tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b7de5d0615cdfe0 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:139
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

model User {
  id    Int    @id @default(autoincrement())
  name  String
}
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5a3b186e80a12c4 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:198
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b5699bb6f9d6037d Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:216
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ea747b468ff6347 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:31
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17eef3a680b459ad Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:37
    fs.writeFileSync(envPath, 'EXISTING_VAR="hello"\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4518db80459b95f5 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:47
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #363e17c3cab8a979 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:53
    fs.writeFileSync(envPath, 'DATABASE_URL="old-value"\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73d621c57f650572 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:63
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e24c681af098b6 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:69
    fs.writeFileSync(envPath, 'DATABASE_URL="old-value"\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de8144d906686b21 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:79
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7d72ccea11da1df Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:90
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f8f6e667edbd441 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:101
    fs.writeFileSync(path.join(tmpDir, '.gitignore'), 'node_modules\n.env\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6eb70b4b143caf9 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:106
    fs.writeFileSync(path.join(tmpDir, '.gitignore'), '/.env\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6608ac416a075a08 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:111
    fs.writeFileSync(path.join(tmpDir, '.gitignore'), 'node_modules\ndist\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d55976820ad06405 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:126
    const envContent = fs.readFileSync(path.join(tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72ca6702f932a71e Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:137
    fs.writeFileSync(path.join(tmpDir, '.env'), "DATABASE_URL='postgres://localhost:5432/mydb'\n", 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cd8feabf750caa6 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:142
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a59c7595025493a Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:151
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e94feeb7146ea3f9 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:160
    fs.writeFileSync(path.join(tmpDir, '.env'), "OTHER_VAR='value'\n", 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d2901ff4e06e75 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:22
    fs.writeFileSync(envPath, lines.join('\n') + '\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #868b73f578c73621 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:28
  let content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e8e22d3517e247 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:46
  fs.writeFileSync(envPath, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8585eff48898e5d Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:61
  const content = fs.readFileSync(gitignorePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0ab1127b9b78de4 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:87
  const parsed = dotenv.parse(fs.readFileSync(envPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dd340c13676d3400 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/status-page.ts:156
    const response = await fetch(SUMMARY_API_URL, { signal: AbortSignal.timeout(10_000) })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #31ff61e1d27981ff Environment-variable access.
repo/packages/cli/src/utils/checkpoint.ts:37
  if (process.env['CHECKPOINT_DISABLE']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dc3533294fd96a4 Environment-variable access.
repo/packages/cli/src/utils/checkpoint.ts:94
      information: args['--telemetry-information'] || process.env.PRISMA_TELEMETRY_INFORMATION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d88db52db4e5b304 Filesystem access.
repo/packages/cli/src/utils/commandState.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99e3275b173447dc Filesystem access.
repo/packages/cli/src/utils/commandState.ts:19
  const data = await fs.promises
    .readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a6cd00fdbcf784a Filesystem access.
repo/packages/cli/src/utils/commandState.ts:25
    await fs.promises.writeFile(filePath, JSON.stringify(state))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a63f468d03dc8655 Filesystem access.
repo/packages/cli/src/utils/getClientVersion.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4580c2f0c79641bc Filesystem access.
repo/packages/cli/src/utils/getClientVersion.ts:23
    const pkgJsonString = await fs.promises.readFile(pkgJsonPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81d8f97723eecba7 Filesystem access.
repo/packages/cli/src/utils/getClientVersion.ts:47
    const pkgJsonString = await fs.promises.readFile(pkgJsonPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #52f6eb0a1b6ae2a9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/utils/nps/capture.ts:11
const posthogCaptureUrl = new URL('https://proxyhog.prisma-data.net/capture')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7fc6d94a50265011 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/utils/nps/status.ts:14
const npsStatusUrl = new URL('https://pub-833f4cf4b3dc4d17a6db4981affc9fbb.r2.dev/timeframe.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8b5ef3a4819488b7 Filesystem access.
repo/packages/cli/src/utils/nps/survey.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832aa5ee2e41310b Filesystem access.
repo/packages/cli/src/utils/nps/survey.ts:165
  const data = await fs.promises
    .readFile(getConfigPath(), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc4de0bddfe9e7dd Filesystem access.
repo/packages/cli/src/utils/nps/survey.ts:187
  await fs.promises.writeFile(configPath, JSON.stringify(config))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #275683455ff20882 Environment-variable access.
repo/packages/cli/src/utils/printUpdateMessage.ts:8
  const shouldHide = process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e7dc6526054354b Filesystem access.
repo/packages/cli/src/utils/prompt/utils/isDirEmpty.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2af7c08c34e90f98 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:13
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7aa4aa2eaee173f Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:378
  await fs.writeFile(schemaTargetPath, datamodel, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ffc2bd7e331eae6 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:393
    await fs.writeFile(path.join(outputDir, `${filename}.wasm`), Buffer.from(wasmBase64, 'base64'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17d070125891d60 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:403
    await fs.writeFile(signalsPath, Date.now().toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04f9c5ba77dc2d49 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:416
        await fs.writeFile(absolutePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ade5f5ad24bfe07 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:559
    content = await fs.readFile(path.join(directory, 'package.json'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2acbccb289c72cc4 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:633
        const content = await fs.readFile(sourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0f3281c292d1c7c Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:634
        await fs.writeFile(targetPath, addPreamble(content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #646d826415017628 Environment-variable access.
repo/packages/client-generator-js/src/generator.ts:80
      copyRuntimeSourceMaps: Boolean(process.env.PRISMA_COPY_RUNTIME_SOURCEMAPS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #351d2f903f5a5d98 Environment-variable access.
repo/packages/client-generator-ts/src/file-extensions.ts:15
  if (!recommended.includes(extension) && !process.env.PRISMA_DISABLE_WARNINGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16aff9d80ddd6d68 Filesystem access.
repo/packages/client-generator-ts/src/generateClient.ts:245
        await fs.writeFile(absolutePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f2ed4a66dd149f5 Filesystem access.
repo/packages/client-generator-ts/src/utils/wasm.ts:125
    return fs.readFileSync(bundledLocation)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab1d10a0290e003 Filesystem access.
repo/packages/client-generator-ts/src/utils/wasm.ts:129
    return fs.readFileSync(sourceLocation)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #550c2e4491a04b66 Filesystem access.
repo/packages/client/helpers/build.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a89a1fe4f18c516 Environment-variable access.
repo/packages/client/helpers/build.ts:31
const shouldMinify = !process.env.DEV && process.env.MINIFY !== 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7048427f972d9c26 Filesystem access.
repo/packages/client/helpers/build.ts:178
                  const wasmBuffer = fs.readFileSync(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127c187063be0ff2 Filesystem access.
repo/packages/client/helpers/build.ts:185
                    fs.writeFileSync(base64FilePath, base64Content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6d8f589179882e5 Filesystem access.
repo/packages/client/helpers/build.ts:211
  fs.writeFileSync(path.join(runtimeDir, fileName), 'export * from "./client"\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a544092adb24fc Environment-variable access.
repo/packages/client/helpers/jestSetup.js:1
process.env.PRISMA_HIDE_PREVIEW_FLAG_WARNINGS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #909f0a641258b401 Filesystem access.
repo/packages/client/helpers/new-test/new-test.ts:2
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d305ee2166c64ba5 Filesystem access.
repo/packages/client/helpers/new-test/new-test.ts:116
  await fs.writeFile(at, template(relImport))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03dc964f85f7a916 Environment-variable access.
repo/packages/client/scripts/colors.js:14
    colors.enabled = process.env.FORCE_COLOR !== '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b24a1a192db4841 Filesystem access.
repo/packages/client/src/__tests__/benchmarks/huge-schema/builder.ts:3
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67f104413018414f Filesystem access.
repo/packages/client/src/__tests__/benchmarks/huge-schema/builder.ts:10
  fs.writeFileSync(location, data, {})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #376f23a0e0191021 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/huge-schema/huge-schema.bench.ts:26
if (!process.env.CODSPEED_BENCHMARK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cfa3b23c4841be86 Filesystem access.
repo/packages/client/src/__tests__/benchmarks/lots-of-relations/builder.ts:1
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62842cb38bebd774 Filesystem access.
repo/packages/client/src/__tests__/benchmarks/lots-of-relations/builder.ts:39
  await fs.writeFile('schema.prisma', str)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ea528f6bdade21d Filesystem access.
repo/packages/client/src/__tests__/benchmarks/query-performance/caching.bench.ts:18
const BENCHMARK_DATAMODEL = fs.readFileSync(path.join(__dirname, 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #477183ee25412226 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:16
        if (process.env.LOCAL_QC_BUILD_DIRECTORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5652024261db2a25 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:17
          runtimePath = path.join(process.env.LOCAL_QC_BUILD_DIRECTORY, provider, 'query_compiler_fast_bg.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6f6144f8a42e154 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:25
        if (process.env.LOCAL_QC_BUILD_DIRECTORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0b0760736c8c1f5 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:26
          const wasmPath = path.join(process.env.LOCAL_QC_BUILD_DIRECTORY, provider, 'query_compiler_fast_bg.wasm')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efb8c1cd945b948e Filesystem access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:27
          moduleBytes = await fs.promises.readFile(wasmPath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a173e4480345315d Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/query-performance.bench.ts:257
  if (process.env.CODSPEED_BENCHMARK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de2a7f038374e160 Filesystem access.
repo/packages/client/src/__tests__/dmmfTypes.test.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a7d0f95a6db6217 Filesystem access.
repo/packages/client/src/__tests__/dmmfTypes.test.ts:33
  fs.writeFileSync(target, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7901f33409dade88 Environment-variable access.
repo/packages/client/src/__tests__/integration/__helpers__/migrateDb.ts:10
  const databaseUrl = process.env.DATABASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cf7909a4f077960 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/executeRaw-alter-postgres/test.ts:11
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-execute-raw-alter')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #016b5bc53ca550d7 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/executeRaw-alter-postgres/test.ts:12
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2fd643091885af1 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/int-errors/test.ts:12
    let connectionString = process.env.TEST_MYSQL_URI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee1a9d65f9f2609b Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/multi-schema/test.ts:18
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-multischema')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #150afe926d5487b4 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/multi-schema/test.ts:19
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1d675d01a416663 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/multi-schema/test.ts:21
      connectionString: process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cb872947639e805 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-mysql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-referentialActions-onDelete-default')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78f1880bf53e194b Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-mysql/test.ts:12
    await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #878d2052ec72e38d Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-postgresql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98bfe483152b6b41 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-postgresql/test.ts:15
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38e174a114ea7135 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-sqlserver/test.ts:10
describeIf(!process.env.TEST_SKIP_MSSQL)('referentialActions-onDelete-default-foreign-key-error(sqlserver)', () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5ad0960a4e70bc0 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-sqlserver/test.ts:12
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b2dc0191aab68f4 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-sqlserver/test.ts:15
    process.env.DATABASE_URL = process.env.TEST_MSSQL_JDBC_URI.replace('master', 'referentialActions-onDelete-default')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf3ba1c24887148c Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-mysql/test.ts:11
  process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-wrong-native-types')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d50164910e891b48 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-mysql/test.ts:12
  await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21b1ed7eb9e2dafd Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-postgres/test.ts:11
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-wrong-native-types-tests')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2eba9a6629f22ab9 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-postgres/test.ts:12
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d40dcc8ac79c88b6 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/insensitive-postgresql-feature-flag/test.ts:7
  const connectionString = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-insensitive-postgresql-feature-flag')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9784d27583ed47b7 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/insensitive-postgresql/test.ts:7
  const connectionString = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-insensitive-postgresql')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e12faf5697e460a Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-mysql/test.ts:13
    process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-json-filtering')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28615e183c562a53 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-mysql/test.ts:14
    await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03456b0cbfc0afb7 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-postgres/test.ts:12
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53ca049d22e2603a Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-postgres/test.ts:19
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-json-filtering')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cae7709b09a90fd Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-postgres/test.ts:20
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #edfad267ee8f8705 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/mysql-binary-id/test.ts:8
  process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-mysql-binary-id')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88b5fade332d3f33 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/mysql-binary-id/test.ts:9
  await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1010463d5d4d8595 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-mysql/test.ts:9
  process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-native-types')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92b720c8a2e10bc3 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-mysql/test.ts:10
  await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7ef30ee51b5d65e Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-postgres/test.ts:9
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-native-types-tests')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6df1f77f0bac525 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-postgres/test.ts:10
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf0b6efb8457ba9b Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f379da33ced138d1 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:6
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100cade7cfd6c8d8 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:20
  const generatedTypeScript = fs.readFileSync(path.join(clientDir, './node_modules/.prisma/client/index.d.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2cb1b44c9c8c475 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:21
  const generatedBrowserJS = fs.readFileSync(
    path.join(clientDir, './node_modules/.prisma/client/index-browser.js'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca9e85f7639c11c6 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/dmmf-types.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7974c87fcad87c8e Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/dmmf-types.test.ts:17
  const datamodel = fs.readFileSync(path.join(__dirname, 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8166e560e2d3b3d Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/dmmf-types.test.ts:21
  fs.writeFileSync(
    dmmfFile,
    `import type * as DMMF from '@prisma/dmmf'

  const dmmf: DMMF.Document = ${JSON.stringify(dmmf, null, 2)}`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6871937932b9b13 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab9690c239f3a313 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:6
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3be6c003a3608bd9 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:20
  const generatedTypeScript = fs.readFileSync(path.join(clientDir, './node_modules/.prisma/client/index.d.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #364a9dbabdf444d5 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:21
  const generatedBrowserJS = fs.readFileSync(
    path.join(clientDir, './node_modules/.prisma/client/index-browser.js'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9059f761965b6376 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/dmmf-types.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7a33e1fbe0ba090 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/dmmf-types.test.ts:17
  const datamodel = fs.readFileSync(path.join(__dirname, 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3bdbd6b3521ba302 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/dmmf-types.test.ts:21
  fs.writeFileSync(
    dmmfFile,
    `import type * as DMMF from '@prisma/dmmf'

  const dmmf: DMMF.Document = ${JSON.stringify(dmmf, null, 2)}`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1db7fbb2fd6e72c4 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/postgres-json-list/test.ts:8
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-json-postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c483ab9a69ce03fe Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/postgres-json-list/test.ts:9
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b05a2c99c8470706 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-mysql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-referentialActions-onDelete-Cascade')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41c4fb8e83421034 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-mysql/test.ts:12
    await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #693096c77878d89b Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-postgresql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09e0bdd9e3f65818 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-postgresql/test.ts:15
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09822eace027aa0e Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-sqlserver/test.ts:9
describeIf(!process.env.TEST_SKIP_MSSQL)('referentialActions(sqlserver)', () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65ecd8efcb3805f3 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-sqlserver/test.ts:11
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79d421a79529298e Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/scalar-list/test.ts:8
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-scalar-list-test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e5b59d0a9b7f8b Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/scalar-list/test.ts:9
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #657cc8b607dbcbd2 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/sqlite-variable-limit/test.ts:5
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bc4dd5f33aed11f Filesystem access.
repo/packages/client/src/__tests__/integration/happy/transaction/test.ts:3
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c226e530535c7922 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/uncheckedScalarInputs/test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a44fac483cc74214 Filesystem access.
repo/packages/client/src/__tests__/typeDeclaration.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5caeed26bae63fe9 Filesystem access.
repo/packages/client/src/__tests__/typeDeclaration.test.ts:10
      const dtsContents = fs.readFileSync(path.join(runtimeDir, file), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #741ae96cfa56a706 Environment-variable access.
repo/packages/client/src/__tests__/validatePrismaClientOptions.test.ts:15
    globalEngineTypeOverride = process.env.PRISMA_CLIENT_ENGINE_TYPE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65c0272c14d198f4 Environment-variable access.
repo/packages/client/src/__tests__/validatePrismaClientOptions.test.ts:16
    delete process.env.PRISMA_CLIENT_ENGINE_TYPE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18a6383bd1122cce Environment-variable access.
repo/packages/client/src/__tests__/validatePrismaClientOptions.test.ts:21
      process.env.PRISMA_CLIENT_ENGINE_TYPE = globalEngineTypeOverride

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d324503851de5c32 Environment-variable access.
repo/packages/client/src/runtime/RequestHandler.ts:171
    if (process.env.PRISMA_CLIENT_GET_TIME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca7fc630d8a770b5 Environment-variable access.
repo/packages/client/src/runtime/core/engines/accelerate/getUrlAndApiKey.ts:52
  if (process.env.TEST_CLIENT_ENGINE_REMOTE_EXECUTOR && url.searchParams.has('use_http')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ee2b4b57380d759 Environment-variable access.
repo/packages/client/src/runtime/getPrismaClient.ts:463
        } else if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a286eedb44434cb Environment-variable access.
repo/packages/client/src/runtime/getPrismaClient.ts:465
        } else if (process.env.NO_COLOR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4e47e2fbe5b875f Filesystem access.
repo/packages/client/src/runtime/utils/SourceFileSlice.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd0a227a1e5570d9 Filesystem access.
repo/packages/client/src/runtime/utils/SourceFileSlice.ts:22
      content = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6f17ffd34bd864b Environment-variable access.
repo/packages/client/src/runtime/utils/createErrorMessageWithContext.ts:86
  if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f27dcd744e7cd6d Filesystem access.
repo/packages/client/src/utils/setupMSSQL.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4791fa7075fd358 Filesystem access.
repo/packages/client/src/utils/setupMSSQL.ts:30
  const schema = fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca6512f05d51b0ae Filesystem access.
repo/packages/client/src/utils/setupMysql.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e533bece402141fe Filesystem access.
repo/packages/client/src/utils/setupMysql.ts:14
  const schema = fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eb4af29c647d64c Filesystem access.
repo/packages/client/src/utils/setupPostgres.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fee8bdc15456c84 Filesystem access.
repo/packages/client/src/utils/setupPostgres.ts:14
  const schema = fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f7b78c147298dab Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:6
const originalValue = process.env[VAR_NAME]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca75f3ba59ffe0a0 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:10
    delete process.env[VAR_NAME]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aee6e0f57bfc6572 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:15
      delete process.env[VAR_NAME]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #263c4e2c510005a9 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:17
      process.env[VAR_NAME] = originalValue

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3b4bfcedd457c3 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:22
    process.env[VAR_NAME] = 'postgresql://example'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #180df11df4e2f703 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:34
    process.env[VAR_NAME] = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5adb6d1c477b6db0 Environment-variable access.
repo/packages/config/src/__tests__/fixtures/loadConfigFromFile/datasource-url-undefined/prisma.config.ts:5
    url: process.env['UNDEFINED_VARIABLE'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82960349f29c9c5f Filesystem access.
repo/packages/config/src/__tests__/fixtures/loadConfigFromFile/env-load-esm/prisma.config.ts:7
const env = await fs.readFile('.env', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac92348781e00d13 Environment-variable access.
repo/packages/config/src/__tests__/fixtures/loadConfigFromFile/env-load-esm/prisma.config.ts:21
  process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f97cbc6df02a0ca Environment-variable access.
repo/packages/config/src/__tests__/loadConfigFromFile.test.ts:742
      expect(process.env.TEST_CONNECTION_STRING).toBeUndefined()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b235e55e81613c76 Environment-variable access.
repo/packages/config/src/__tests__/loadConfigFromFile.test.ts:753
      expect(process.env.TEST_CONNECTION_STRING).toEqual('postgres://test-connection-string-from-env-cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4f51c1a758d534a Environment-variable access.
repo/packages/config/src/__tests__/loadConfigFromFile.test.ts:765
      expect(process.env.TEST_CONNECTION_STRING).toEqual('postgres://test-connection-string-from-env-esm')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfacfed4bfa3eb9d Environment-variable access.
repo/packages/config/src/env.ts:15
  const value = process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c982c1273b0639f Environment-variable access.
repo/packages/config/vitest.setup.ts:13
  process.env['JITI_ALIAS'] = JSON.stringify({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa24238603beb2ce Environment-variable access.
repo/packages/config/vitest.setup.ts:19
  delete process.env['JITI_ALIAS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86a534ca096c292e Filesystem access.
repo/packages/credentials-store/src/index.ts:1
import { chmod, mkdir, readFile, writeFile } from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c055a2620f02709f Environment-variable access.
repo/packages/credentials-store/src/index.ts:31
      process.env.PRISMA_PLATFORM_AUTH_FILE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31e2948a38bb88f9 Filesystem access.
repo/packages/credentials-store/src/index.ts:38
      const content = await readFile(this.authFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #436195ed715df5cc Filesystem access.
repo/packages/credentials-store/src/index.ts:82
    await writeFile(this.authFilePath, JSON.stringify(data, null, 2), { mode: 0o600 })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4d5c3465e871239 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:13
  delete process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08bfd365b79845d4 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:14
  delete process.env.DEBUG_COLORS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #25289615d2041575 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:29
  process.env.DEBUG = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca48a99b30dbe6bf Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:30
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72b6e7723acce478 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:43
  process.env.DEBUG = 'test2'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70f1a1f4afa43486 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:44
  process.env.FORCE_COLOR = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd9c8756c2cf0875 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:45
  process.env.DEBUG_COLORS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9531dc06ad583feb Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:59
  process.env.DEBUG = 'test3:*:*:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8957a35ebbf40d94 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:60
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61cb40c07a9077d8 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:73
  process.env.DEBUG = 'test4:*:query-engine:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2546a67fe36ca9b Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:74
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d8da14df8bd4487 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:89
  process.env.DEBUG = 'test5:*:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0dc6c0dcbefb696 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:90
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f35cac8f93a1ca2f Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:106
  process.env.DEBUG = 'test6:client:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68ba810ae269b532 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:107
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #184cb9f0b2d87139 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:122
  process.env.DEBUG = 'test7:*:*,-test7:*:*:init'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a60769a83a21fc65 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:123
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #857d4600a1c86f64 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:138
  process.env.DEBUG = 'test8:*:*,-test8:*:*:init,-test8:pool:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a3dbe3daa53ba88 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:139
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4039980818976335 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:153
  process.env.DEBUG = 'test9:client'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3c270b1aea3a7f8e Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:154
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e888a1b3b6730046 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:169
  process.env.DEBUG = 'test10:client'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c8b95c7c2cec8b6 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:170
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #282bbc0f46387ce8 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:195
  process.env.DEBUG = 'test11:client'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d43fdefa30733d3 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:196
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80e5daf4a8e3c804 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:210
  process.env.DEBUG = 'test12:client*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82fd0cc24c3f0faa Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:211
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31b293a3ba86b8b7 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:228
  process.env.DEBUG = 'test13:client*init'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b55e2967c169df3 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:229
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81024bcd0511a99a Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:249
  process.env.DEBUG = 'test14:*:query-engine:*,-*init,*:result'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6b0656349a37f0e Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:250
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9cbe4d782ed4094d Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:271
  process.env.DEBUG = 'test15:\\w+'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e07e7b45bd5b121e Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:272
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59fe5c144026f53f Environment-variable access.
repo/packages/debug/src/__tests__/env-disabled.test.ts:9
    process.env.DEBUG = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e28e11c3e6c9118a Environment-variable access.
repo/packages/debug/src/__tests__/env-enabled.test.ts:9
    process.env.DEBUG = 'my-namespace'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c11b0855c2f6e976 Environment-variable access.
repo/packages/engines/src/index.ts:26
  const binaryTargets = process.env.PRISMA_CLI_BINARY_TARGETS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4d2b6bb209b544d Environment-variable access.
repo/packages/engines/src/index.ts:27
    ? (process.env.PRISMA_CLI_BINARY_TARGETS.split(',') as BinaryTarget[])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64f16348cd21bde2 Filesystem access.
repo/packages/engines/src/scripts/localinstall.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6faaf5eb810b855 Filesystem access.
repo/packages/engines/src/scripts/postinstall.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5b633b5e132c447 Filesystem access.
repo/packages/engines/src/scripts/postinstall.ts:16
  if (fs.existsSync(lockFile) && parseInt(fs.readFileSync(lockFile, 'utf-8'), 10) > Date.now() - 20_000) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e748f6400476c15 Environment-variable access.
repo/packages/engines/src/scripts/postinstall.ts:21
    if (process.env.PRISMA_CLI_BINARY_TARGETS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d98678ebf0c5ceca Environment-variable access.
repo/packages/engines/src/scripts/postinstall.ts:22
      binaryTargets = process.env.PRISMA_CLI_BINARY_TARGETS.split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73b02940e1d0e8a3 Filesystem access.
repo/packages/engines/src/scripts/postinstall.ts:43
  fs.writeFileSync(lockFile, Date.now().toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a379d4a4e9644555 Environment-variable access.
repo/packages/fetch-engine/src/__tests__/download.test.ts:25
const usesCustomEngines = process.env.PRISMA_SCHEMA_ENGINE_BINARY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b88645ca9abc32b Environment-variable access.
repo/packages/fetch-engine/src/download.ts:119
  if (process.env.BINARY_DOWNLOAD_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37a769b3e5617ccb Environment-variable access.
repo/packages/fetch-engine/src/download.ts:120
    debug(`process.env.BINARY_DOWNLOAD_VERSION is set to "${process.env.BINARY_DOWNLOAD_VERSION}"`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e88e37821a9cd21 Environment-variable access.
repo/packages/fetch-engine/src/download.ts:121
    opts.version = process.env.BINARY_DOWNLOAD_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d8d6be96078ad55 Filesystem access.
repo/packages/fetch-engine/src/download.ts:274
      const sha256File = await fs.promises.readFile(sha256FilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25ae4516a1dea05 Environment-variable access.
repo/packages/fetch-engine/src/download.ts:295
    } else if (process.env.PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2429757794fdc049 Filesystem access.
repo/packages/fetch-engine/src/download.ts:441
      await fs.promises.writeFile(cachedSha256Path, sha256)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8acc6db6d327fc41 Filesystem access.
repo/packages/fetch-engine/src/download.ts:444
      await fs.promises.writeFile(cachedSha256ZippedPath, zippedSha256)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccfd7984d5b2c6f9 Filesystem access.
repo/packages/fetch-engine/src/download.ts:460
    const data = await fs.promises.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4446d4e5bed3bb58 Filesystem access.
repo/packages/fetch-engine/src/download.ts:461
    await fs.promises.writeFile(target, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38050683525355e4 Environment-variable access.
repo/packages/fetch-engine/src/downloadZip.ts:32
      if (!process.env.PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83a8d569b845ba71 Environment-variable access.
repo/packages/fetch-engine/src/downloadZip.ts:49
    if (process.env.PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ddca301dfd3141a Environment-variable access.
repo/packages/fetch-engine/src/env.ts:27
  if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd9981929d29591 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:28
    const envVarPath = path.resolve(process.cwd(), process.env[envVar]!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e88f3df89addb106 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:31
        `Env var ${bold(envVar)} is provided but provided path ${underline(process.env[envVar]!)} can't be resolved.`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fad64685a3f4c96 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:36
        process.env[envVar]!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77c5d109cee3bbe1 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:52
  if (deprecatedEnvVar && process.env[deprecatedEnvVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5da0ea7851b7e66 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:53
    if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaf384a5e5cd29b1 Environment-variable access.
repo/packages/fetch-engine/src/getProxyAgent.ts:54
  const noProxy = process.env.NO_PROXY || process.env.no_proxy || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4787449b86b79873 Environment-variable access.
repo/packages/fetch-engine/src/getProxyAgent.ts:70
    const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fca78e0b795b818 Environment-variable access.
repo/packages/fetch-engine/src/getProxyAgent.ts:77
      process.env.HTTPS_PROXY || process.env.https_proxy || process.env.HTTP_PROXY || process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a20d4e207f9471c1 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:18
    if (process.env.APPDATA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14a0ea880b477081 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:19
      return path.join(process.env.APPDATA, 'Prisma')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e1d503390b6d2c5 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:23
  if (process.env.AWS_LAMBDA_FUNCTION_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4be078eff01fefe0 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:31
  return process.env.XDG_CACHE_HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f8b5858b5476076 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:32
    ? path.join(process.env.XDG_CACHE_HOME, 'prisma')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1174a2c7cf4fb7f Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:68
    process.env.PRISMA_BINARIES_MIRROR || // TODO: remove this

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62c638b05ec6f31 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:69
    process.env.PRISMA_ENGINES_MIRROR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #372c37bc650f3e93 Environment-variable access.
repo/packages/get-dmmf/src/index.ts:32
    noColor: Boolean(process.env.NO_COLOR),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4031f3e1a6e5c5ac Environment-variable access.
repo/packages/get-dmmf/src/index.ts:37
    if (process.env.FORCE_PANIC_GET_DMMF) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f339fb661f2b937b Filesystem access.
repo/packages/get-platform/src/getPlatform.ts:3
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26fbceab6f06b100 Filesystem access.
repo/packages/get-platform/src/getPlatform.ts:232
    const osReleaseInput = await fs.readFile(osReleaseFile, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ad5821150c8d64e Environment-variable access.
repo/packages/get-platform/src/logger.ts:7
  warn: () => !process.env.PRISMA_DISABLE_WARNINGS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67040bcc14773f21 Environment-variable access.
repo/packages/get-platform/src/test-utils/jestSnapshotSerializer.js:37
  if (process.env.TEMP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #427ed22ea8d215ee Environment-variable access.
repo/packages/get-platform/src/test-utils/jestSnapshotSerializer.js:38
    const escapedPath = process.env.TEMP.replaceAll('\\', '\\\\')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be4bbde53bb773a Environment-variable access.
repo/packages/get-platform/src/test-utils/vitest-snapshot-serializer.ts:38
  if (process.env.TEMP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28d2462109a00692 Environment-variable access.
repo/packages/get-platform/src/test-utils/vitest-snapshot-serializer.ts:39
    const escapedPath = process.env.TEMP.replaceAll('\\', '\\\\')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e404ff01a7a05d8e Environment-variable access.
repo/packages/instrumentation/src/ActiveTracingHelper.ts:21
const showAllTraces = process.env.PRISMA_SHOW_ALL_TRACES === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #169d2ae53c71b195 Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/mariadb/__database.ts:35
  const connectionString = process.env.TEST_MARIADB_URI!.replace('tests', ctx.id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96b46124302c10fc Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/mssql/__database.ts:34
  const serviceConnectionString = process.env.TEST_MSSQL_URI!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bd518b4277036ce Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/mysql/__database.ts:34
  const connectionString = process.env.TEST_MYSQL_URI!.replace('tests', ctx.id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f52b1d352c152ccd Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/postgresql/__database.ts:28
  return process.env.TEST_POSTGRES_URI + `?schema=${ctx.id}&connection_limit=1`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0dbfae4c03857f60 Filesystem access.
repo/packages/internals/helpers/build.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec808db35bdcb51 Filesystem access.
repo/packages/internals/src/WasmSchemaEngineLoader.ts:10
  const schemaEngineWasmFileBytes = await fs.readFile(schemaEngineWasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #719af8a52423f1bc Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/formatSchema.test.ts:12
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ed977489dc0ce09 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getConfig.test.ts:64
    process.env.TEST_POSTGRES_URI_FOR_DATASOURCE = 'postgres://user:password@something:5432/db'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4eb46c0ea62559f0 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:13
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc792cc0d053b4db Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:19
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042f720e1a3f8ddf Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:21
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2186fab2f6d03be5 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:26
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd6aefb4560f0f2e Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:41
      delete process.env.NO_COLOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48aed74b8210bb93 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:42
      process.env.FORCE_COLOR = '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83a70433b6144a55 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:43
      process.env.CI = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee57d6fc103de55 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:83
      process.env.NO_COLOR = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d2b3ba3b7fbb76c Filesystem access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:528
      const file = await fs.promises.readFile(path.join(fixturesPath, 'chinook.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a919cc798c8f9ae Filesystem access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:537
      const file = await fs.promises.readFile(path.join(fixturesPath, 'odoo.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30f81c2b71a19e1c Filesystem access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:546
      const file = await fs.promises.readFile(path.join(fixturesPath, 'bigschema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5648c83c8dbe59f Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getEngineVersion.test.ts:9
  testIf(!process.env.PRISMA_SCHEMA_ENGINE_BINARY)('Schema Engine', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f764c0d8ad375eca Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:15
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87e144eb2d9d1fc9 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:21
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d9e44c280459338 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:23
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36c1823427a9f662 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:29
  testTimeout: process.env.CI ? 60_000 : 10_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d48098da48e8cf75 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:42
      delete process.env.NO_COLOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #44769b3ae669432a Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:43
      process.env.FORCE_COLOR = '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac0565af4306868d Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:44
      process.env.CI = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66bf15affeba5e74 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:85
      process.env.NO_COLOR = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49b4333f736bdc52 Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:16
  testTimeout: process.env.CI ? 60_000 : 20_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63669526174d6e5b Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:52
    delete process.env.BINARY_TARGETS_ENV_VAR_TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dd6f7cda7266f3da Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:212
    process.env.BINARY_TARGETS_ENV_VAR_TEST = '"native"'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a251fe20b2aa7a3a Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:295
    process.env.BINARY_TARGETS_ENV_VAR_TEST = '["native"]'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0bcaabead0c9c23 Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:378
    process.env.BINARY_TARGETS_ENV_VAR_TEST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5af9a0c825a98b8 Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:477
    process.env.BINARY_TARGETS_ENV_VAR_TEST = '["linux-musl"]'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acfd8e525764433c Environment-variable access.
repo/packages/internals/src/__tests__/getPackedPackage.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34394e7ece9910ba Environment-variable access.
repo/packages/internals/src/__tests__/getSchema.test.ts:9
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94100a92ed041102 Environment-variable access.
repo/packages/internals/src/__tests__/getSchema.test.ts:15
process.env.npm_config_user_agent = 'yarn/1.22.4 npm/? node/v12.18.3 darwin x64'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #997c442468163e4a Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:51
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98c53a841ceac3d5 Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:57
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9196f38b766863ee Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:59
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c147d5a48073dd9 Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:76
    process.env.GITHUB_ACTIONS = 'true' // simulate CI environment

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02399e6a75a8652c Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:8
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01749c88c0e16486 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:69
  testIf(!process.env.PRISMA_SCHEMA_ENGINE_BINARY)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80df6cf83d3fa497 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:85
    const uri = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-createDatabase')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #672c2db5268c953a Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:105
    const uri = process.env.TEST_POSTGRES_URI!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0888603210aede42 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:113
    const uri = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-createDatabase')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29d3b75715ae2015 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:124
    const uri = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-createDatabase-already-exists')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1676291d58ad71d1 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:136
  testIf(!process.env.TEST_SKIP_MSSQL)('sqlserver - create database', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f995598c78eadc44 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:137
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6594f8232de134c2 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:140
    const connectionString = process.env.TEST_MSSQL_JDBC_URI.replace(/database=(.*?);/, 'database=can-create-a-db;')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f311e277629858ee Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:147
  testIf(!process.env.TEST_SKIP_MSSQL)('sqlserver - database already exists', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ff750373d92101e Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:148
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9b71fcdcd03944e Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:151
    const connectionString = process.env.TEST_MSSQL_JDBC_URI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #545374629a9af884 Filesystem access.
repo/packages/internals/src/cli/getSchema.ts:10
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56d884455dcb8f90 Environment-variable access.
repo/packages/internals/src/engine-commands/formatSchema.ts:17
  if (process.env.FORCE_PANIC_PRISMA_SCHEMA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f8756cd07f7cf4 Environment-variable access.
repo/packages/internals/src/engine-commands/getConfig.ts:78
        if (process.env.FORCE_PANIC_GET_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eefc857cf55244f7 Environment-variable access.
repo/packages/internals/src/engine-commands/getConfig.ts:172
    if (binaryTarget.fromEnvVar && process.env[binaryTarget.fromEnvVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #177de0c3da4c8b27 Environment-variable access.
repo/packages/internals/src/engine-commands/getConfig.ts:173
      const value = JSON.parse(process.env[binaryTarget.fromEnvVar]!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5eedc8933816616 Filesystem access.
repo/packages/internals/src/engine-commands/queryEngineCommons.ts:4
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de8ecfe8d29d745d Environment-variable access.
repo/packages/internals/src/engine-commands/validate.ts:58
        if (process.env.FORCE_PANIC_GET_DMMF) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8d5e795e8c52464 Environment-variable access.
repo/packages/internals/src/engine-commands/validate.ts:65
          noColor: Boolean(process.env.NO_COLOR),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7f8c62a9c1d30923 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/internals/src/errorReporting.ts:69
  return await fetch(url, {
    method: 'POST',
    agent: getProxyAgent(url),
    body,
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #56e88e6f5a8ebde9 Environment-variable access.
repo/packages/internals/src/get-generators/utils/getBinaryPathsByVersion.ts:46
    if (process.env.NETLIFY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52076eef061461b7 Filesystem access.
repo/packages/internals/src/getPackedPackage.ts:2
import fs, { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18496b908d88b0d1 Filesystem access.
repo/packages/internals/src/getPackedPackage.ts:16
      const pkgJson = JSON.parse(readFileSync(pkgPath, { encoding: 'utf-8' }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c69e46c10e36538e Environment-variable access.
repo/packages/internals/src/logger.ts:10
  warn: () => !process.env.PRISMA_DISABLE_WARNINGS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #585a92b8e8bfb7a4 Filesystem access.
repo/packages/internals/src/resolveBinary.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3eab461d0ad1697 Filesystem access.
repo/packages/internals/src/resolveBinary.ts:88
    const data = await fs.promises.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46c31d78b4425711 Filesystem access.
repo/packages/internals/src/resolveBinary.ts:89
    await fs.promises.writeFile(target, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #533c69656a8b3e03 Filesystem access.
repo/packages/internals/src/resolveOutput.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6158f9e8f6fabfd6 Environment-variable access.
repo/packages/internals/src/schemaEngineCommands.ts:188
          RUST_BACKTRACE: process.env.RUST_BACKTRACE ?? '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea686c20bdbe6e50 Environment-variable access.
repo/packages/internals/src/schemaEngineCommands.ts:189
          RUST_LOG: process.env.RUST_LOG ?? 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f0e280532855833 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:11
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a01ddd211f95e2d Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:17
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24901025eb66cb6c Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:19
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3b04417b9673f1 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:36
      delete process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa54fa5d6bdda79d Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:37
      delete process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #effd1cc585b83146 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:48
      delete process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b08f7af5978f4be9 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:49
      delete process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a340d3b2d5770fc0 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:54
      process.env.CI = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48a6a6e87ac991c7 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:59
      process.env.GITHUB_ACTIONS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ae36bacadd23a1c Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:10
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6dd2e47e24ed351 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:16
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b6e20c306cade2f Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:18
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #095e5c0712f5bdd2 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:38
      process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #467eedacd37c33f2 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:50
      process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52172cb78c553757 Filesystem access.
repo/packages/internals/src/utils/chmodPlusX.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee054aaf4b3f1811 Filesystem access.
repo/packages/internals/src/utils/fs-functional.ts:4
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10fd620677d7c327 Filesystem access.
repo/packages/internals/src/utils/fs-functional.ts:12
  TE.tryCatch(() => fsUtils.writeFile(params), createTaggedSystemError('fs-write-file', params))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d48a254b9bc8b8a Filesystem access.
repo/packages/internals/src/utils/fs-utils.ts:1
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5130ca7fde03f92a Filesystem access.
repo/packages/internals/src/utils/fs-utils.ts:21
  return fs.writeFile(path, content, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51a28e92590dfdac Filesystem access.
repo/packages/internals/src/utils/isCurrentBinInstalledGlobally.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20988ac8bf55d0c5 Environment-variable access.
repo/packages/internals/src/utils/isInContainer.ts:13
      process.env.KUBERNETES_SERVICE_HOST !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f0be89a690d6a1c Environment-variable access.
repo/packages/internals/src/utils/isInNpmLifecycleHook.ts:5
  return process.env.npm_lifecycle_event !== undefined && process.env.npm_command !== 'run-script'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72177f63a3cbc07e Environment-variable access.
repo/packages/internals/src/utils/isInteractive.ts:9
  return Boolean(stream && stream.isTTY && process.env.TERM !== 'dumb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1b06e20b0096ae1 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:11
    process.env.GIT_EXEC_PATH !== undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #260f808bc52589e9 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:12
    process.env.GIT_DIR !== undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd28a2e5791dcbb2 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:13
    process.env.GIT_INDEX_FILE !== undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdd997e259d2c665 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:14
    process.env.GIT_PREFIX !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30892c07fca80c4e Environment-variable access.
repo/packages/internals/src/utils/parseAWSNodejsRuntimeEnvVarVersion.ts:2
  const runtimeEnvVar = process.env.AWS_LAMBDA_JS_RUNTIME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5c4ab4a2ffc3f0c Environment-variable access.
repo/packages/internals/src/utils/parseEnvValue.ts:13
    const value = process.env[object.fromEnvVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b66dca4e8f413d71 Environment-variable access.
repo/packages/internals/src/utils/parseEnvValue.ts:39
    const value = process.env[object.fromEnvVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #148084bc09a223c0 Environment-variable access.
repo/packages/migrate/src/SchemaEngineCLI.ts:514
    if (process.env.FORCE_PANIC_SCHEMA_ENGINE && request.method !== 'getDatabaseVersion') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5be8ca8f0c68a309 Environment-variable access.
repo/packages/migrate/src/SchemaEngineWasm.ts:86
    if (process.env.FORCE_PANIC_SCHEMA_ENGINE && command !== 'debugPanic') return this.debugPanic()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4e7d905e48c60ff Environment-variable access.
repo/packages/migrate/src/__tests__/Baseline.test.ts:20
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eefe986ec6bcbb28 Filesystem access.
repo/packages/migrate/src/__tests__/DbDrop.test.ts:124
    await fs.writeFile(path.join(ctx.configDir(), 'dev.db'), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1857c6f5876ce28 Environment-variable access.
repo/packages/migrate/src/__tests__/DbDrop.test.ts:159
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93e3d253aa6de53e Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:37
      fs.writeFileSync('script.sql', '-- noop')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dc239531c886494 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:85
      fs.writeFileSync('script.js', 'Something for MongoDB')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #437d9b813ce580b8 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:123
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8b9a000e77b0172 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:131
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73994c492c54671a Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:139
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8e0f92bbe2e54ec Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:156
        fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #630e90e88b1ec425 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:165
        fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8a9f0ba53558024 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:174
        fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9747d9e361492e30 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:185
        fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb194105b34832a7 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:203
        fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f65a5757e28ee28 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:216
      fs.writeFileSync('script.sql', 'DROP TABLE "test-doesnotexists";')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a75f6e8bfc33fe06 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:228
      fs.writeFileSync('script.sql', 'ThisisnotSQL,itshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07f3f3297450243a Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:239
    const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-db-execute')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62ce68ece69ea42b Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:274
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d24d725a5a46f5e5 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:282
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fe24d5c3eeb6ea0 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:290
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0a309f237d73417 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:307
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebd32c16e433286d Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:320
      fs.writeFileSync(
        'script.sql',
        `-- Drop & Create & Drop
      DROP DATABASE IF EXISTS "test-dbexecute";
      CREATE DATABASE "test-dbexecute";
      DROP DATABASE "test-dbexecute";`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ce0772bec4fdef4 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:339
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75d045db1f5aa8be Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:358
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1cf027eddd4682cf Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:378
      if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc2a11eb64743f2a Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:382
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc179fc9a54774b9 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:403
      fs.writeFileSync('script.sql', 'DROP DATABASE "test-doesnotexists";')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df03ab85c05f71ec Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:420
      fs.writeFileSync('script.sql', 'ThisisnotSQLitshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a79b8d42b2193d1 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:431
    if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e7a7be88258ac15 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:436
    const connectionString = (process.env.TEST_COCKROACH_URI_MIGRATE || '').replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #904a90ce4eda3df9 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:474
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a523f37c4698196 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:482
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d4b0fb28a48e844 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:490
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59970d2d30b4e100 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:507
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7b3798533538e12 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:518
      fs.writeFileSync(
        'script.sql',
        `-- Drop & Create & Drop
      DROP DATABASE IF EXISTS "test-dbexecute";
      CREATE DATABASE "test-dbexecute";
      DROP DATABASE "test-dbexecute";`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffc7b2d9c8080a9d Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:536
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23b2f924ebeb32a6 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:555
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6901296655b150c6 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:574
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9de6636acea0223c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:594
      fs.writeFileSync('script.sql', 'ThisisnotSQLitshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #525d60bf18701819 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:608
    const connectionString = process.env.TEST_MYSQL_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-db-execute')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d8a5338f92c461c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:643
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00e398b6f6974dc8 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:651
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f05227b6b47d74da Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:660
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0e6004be20e4609 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:672
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
START TRANSACTION;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e73a88c5f11cb7c8 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:690
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1461197e60f5f0a2 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:708
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f8c866fb6631208 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:727
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dfbffabf038474f Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:747
      fs.writeFileSync('script.sql', 'DROP DATABASE `test-doesnotexists`;')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18329dcba1c51900 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:759
      fs.writeFileSync('script.sql', 'This is not SQL, it should fail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84185d97218ffd8e Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:770
    if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #521f89ce77854909 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:774
    const jdbcConnectionString = process.env.TEST_MSSQL_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66f8b07eb1eb0e78 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:781
      connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60a730ae03c10b05 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:796
      const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb37dd6224d1a59e Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:817
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #27cce0023965618c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:825
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e909dcbd15a42880 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:833
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #516f418c9e348e40 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:841
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN TRANSACTION;

SELECT 1

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3b5a3ed1ca1e04c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:860
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN TRANSACTION;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a4ba21b6dc945a4 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:882
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a0c37d6e5d90348 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:903
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #969afad264fb26ab Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:922
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a50d6dafe6a48388 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:944
      fs.writeFileSync('script.sql', 'DROP DATABASE "test-doesnotexists";')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0231daaf72febb7 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:956
      fs.writeFileSync('script.sql', 'ThisisnotSQLitshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c36d4ac14689167e Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/cockroachdb.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #793d0ecbd2b4999d Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/cockroachdb.test.ts:16
  if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ced6244b7cffe9c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/cockroachdb.test.ts:19
  const connectionString = process.env.TEST_COCKROACH_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f259cd35f5fe48a Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mongodb.test.ts:5
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #550d7bdf009995bb Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mysql.test.ts:9
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c69002bb7aeca47f Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mysql.test.ts:17
  const connectionString = process.env.TEST_MYSQL_URI!.replace('tests-migrate', 'tests-migrate-db-pull-mysql')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a4a694da716ac1f Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mysql.test.ts:20
    connectionString: process.env.TEST_MYSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24b2f22e944fe61d Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-extensions.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c25a953ae7dbb1da Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-extensions.test.ts:16
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97f8c26a7bad3487 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-missing-database.test.ts:5
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #062eaa9c90aa0de1 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-missing-database.test.ts:13
  const defaultConnectionString = process.env.TEST_POSTGRES_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #326197fef8583c2b Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-multischema.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7551760df5b1a9a Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-multischema.test.ts:16
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a36ea30c23e339d5 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-views.test.ts:10
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5978afa4640834bd Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-views.test.ts:19
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0928377c7d6163e4 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0bfa3159645e21c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql.test.ts:16
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7308b26593646943 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/schema-folder.test.ts:4
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40dce132d9b2b981 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlite.test.ts:5
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e5f76a7edf622f5 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:9
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1985e3f59e37dd99 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:33
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3a720714253023d Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:36
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7596156f8825f4aa Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:42
    connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f74dac0cec9fc611 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:58
    const url = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!.replace('tests-migrate', databaseName)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cff9c0f09b36d1a6 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:59
    const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59fa21ac1988dfc6 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:97
  if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b68813a2697b44fc Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:104
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18e8eaf11b57c446 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:107
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #683615f3473f3d8f Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:114
    connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8db86460226e7535 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:131
    const url = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!.replace('tests-migrate', databaseName)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa05938860f93606 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:14
  const inDockerIt = process.env.TEST_NO_DOCKER ? it.skip : it

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ad8791ccd9b0339 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:107
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #521bdcecd32141ed Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:227
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db3503980dff4d2c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:273
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-db-push')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30277d746d82d262 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:338
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1606dc2f70cea1c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:388
  if (!process.env.TEST_SKIP_MONGODB && !process.env.TEST_MONGO_URI_MIGRATE_EXISTING_DB) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2664b76cc12d529 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:392
    connectionString: process.env.TEST_MONGO_URI_MIGRATE_EXISTING_DB!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0abe60edf195f2d0 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDeploy.test.ts:179
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-deploy')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb219e5b7e3dded2 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:32
  process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7ca8d3f4ddf7b36 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:834
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #798224e83c449455 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1181
  testIf(!process.env.CI || process.platform !== 'darwin')('external tables', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7be63767894b95a Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1246
  if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4366a7e56ebf4f1 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1249
  const connectionString = process.env.TEST_COCKROACH_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5fa8220838e70461 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1414
  const connectionString = process.env.TEST_MYSQL_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06307559142cb1a0 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1601
  if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #013b1029f6a18b91 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1610
    connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #11e8c4327501d252 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1625
    const url = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!.replace('tests-migrate', databaseName)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5923a059ba43aa5 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1626
    const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07f4c7e2ec0519b9 Filesystem access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:490
        await fs.writeFile(path.join(ctx.configDir(), 'dev.db'), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77b3e0b44524e25f Filesystem access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:508
        await fs.writeFile(path.join(ctx.configDir(), 'dev.db'), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5175a88ec7d91b64 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:693
    if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f740de83713fcb7 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:696
    const connectionString = process.env.TEST_COCKROACH_URI_MIGRATE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b57ee89fc3e5a03 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:745
    const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16deb20f1125f68d Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:804
    const connectionString = process.env.TEST_MYSQL_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d70c86466ff13fe6 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:854
    if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c27e781279f9866 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:858
    const jdbcConnectionString = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61d5a59041447ed3 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:861
      connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb174ab9cc73d301 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:876
      const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f49d4f738f12a89e Environment-variable access.
repo/packages/migrate/src/__tests__/__helpers__/conditionalTests.ts:90
  if (matrix.providers.cockroachdb && process.env.TEST_SKIP_COCKROACHDB) return skip(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdb93b3fc6104d3e Environment-variable access.
repo/packages/migrate/src/__tests__/__helpers__/conditionalTests.ts:91
  if (matrix.providers.sqlserver && process.env.TEST_SKIP_MSSQL) return skip(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ea65590a10f4c7e Environment-variable access.
repo/packages/migrate/src/__tests__/__helpers__/conditionalTests.ts:92
  if (matrix.providers.mongodb && process.env.TEST_SKIP_MONGODB) return skip(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c492e2333bbacdc Environment-variable access.
repo/packages/migrate/src/__tests__/handlePanic.introspect.test.ts:11
    process.env.FORCE_PANIC_SCHEMA_ENGINE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a2c832d4836a98c Environment-variable access.
repo/packages/migrate/src/__tests__/handlePanic.migrate.test.ts:17
    process.env.FORCE_PANIC_SCHEMA_ENGINE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #811e682d51854c0a Filesystem access.
repo/packages/migrate/src/__tests__/introspection/introspection.test.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a55492d700ffe320 Filesystem access.
repo/packages/migrate/src/__tests__/introspection/introspection.test.ts:14
  const schemaContent = await fs.promises.readFile(schemaPath, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ef5e60717cc5730 Environment-variable access.
repo/packages/migrate/src/__tests__/rpc.test.ts:502
        url: process.env.TEST_POSTGRES_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f308bca37d76e907 Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:7
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a9ff670f2b8db36 Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:13
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67156806cc216400 Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:15
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73d3fc586199e94a Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:24
  process.env.CI = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7829dbaec313490c Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:17
    delete process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23e83e132093454d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:46
  process.env[envVar] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1e6aac943738d75 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:51
  process.env.AI_AGENT = 'v0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed06865610bddd76 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:56
  process.env.AGENT = 'some-new-agent'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ce5155f79eadfe3 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:65
  process.env.AI_AGENT = 'some\nagent\u0000name'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1a920619d8b8123 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:70
  process.env.AI_AGENT = 'a'.repeat(200)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c16d6c4c2b7bd889 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:75
  process.env.AI_AGENT = '\u0001\u0002'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e35f4b51d4a4af6d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:80
  process.env.AGENT = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df52ec2c13636b86 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:85
  process.env.REPLIT_SESSION = 'prisma-Abcd'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4a945f77992ad71d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:90
  process.env.OR_APP_NAME = 'SomeOtherApp'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e426ab778227fca3 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:95
  process.env.CLAUDECODE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2b8b2ff7eab670d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:96
  process.env.PRISMA_USER_CONSENT_FOR_DANGEROUS_AI_ACTION = 'yes, reset my dev database'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af541d561129cd75 Filesystem access.
repo/packages/migrate/src/commands/DbExecute.ts:14
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #334a2b5a85ec2193 Filesystem access.
repo/packages/migrate/src/commands/DbExecute.ts:118
        script = fs.readFileSync(path.resolve(args['--file']), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f73e83de5a0e839a Filesystem access.
repo/packages/migrate/src/utils/createMigration.ts:36
  await fs.promises.writeFile(path.join(baseDir, migrationName, `migration.${extension}`), script, {
    encoding: 'utf-8',
  })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba598cdc78971f07 Filesystem access.
repo/packages/migrate/src/utils/createMigration.ts:52
  await fs.promises.writeFile(path.join(baseDir, lockfile.path), lockfileContent, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9aab57a91f2ad33 Filesystem access.
repo/packages/migrate/src/utils/listMigrations.ts:21
  const lockfileContent = await fs
    .readFile(path.join(migrationsDirectoryPath, lockfileName), { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0915544020c7598c Filesystem access.
repo/packages/migrate/src/utils/listMigrations.ts:56
    const migrationFileContent = await fs
      .readFile(path.join(migrationPath, migrationFileName), { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93925bebffeca685 Filesystem access.
repo/packages/migrate/src/utils/saveSchemaFiles.ts:6
  await Promise.all(schemas.files.map((file) => fs.writeFile(file.path, file.content, 'utf8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c7659493f779af0 Filesystem access.
repo/packages/migrate/src/utils/setupCockroach.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #418554c93336f71f Filesystem access.
repo/packages/migrate/src/utils/setupCockroach.ts:28
    await db.query(fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e56bff0430e7512c Filesystem access.
repo/packages/migrate/src/utils/setupMSSQL.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a1f21fb1bc10e4c Filesystem access.
repo/packages/migrate/src/utils/setupMSSQL.ts:46
    schema += fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f03199cd0e055e3 Filesystem access.
repo/packages/migrate/src/utils/setupMysql.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daf00d0f124da8c1 Filesystem access.
repo/packages/migrate/src/utils/setupMysql.ts:42
    await db.query(fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be2cc3e7af4bc71 Filesystem access.
repo/packages/migrate/src/utils/setupPostgres.ts:29
    const migrationScript = await fs.readFile(path.join(dirname, 'setup.sql'), { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a204c21a8cd0701e Environment-variable access.
repo/packages/migrate/src/utils/test-SchemaEngineCommands.ts:12
  const result = await canConnectToDatabase(process.env.TEST_CONNECTION_STRING!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aaf672b4f04e253 Environment-variable access.
repo/packages/query-plan-executor/examples/server.ts:12
  const databaseUrl = process.env.TEST_POSTGRES_URI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfd20774d32a3221 Filesystem access.
repo/packages/schema-files-loader/src/resolver/realFsResolver.ts:26
    return fs.readFile(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4802b992dafe481c Filesystem access.
repo/packages/schema-files-loader/src/testUtils.ts:16
  return [filePath, fs.readFileSync(filePath, 'utf8')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50f5a07827281651 Environment-variable access.
repo/packages/type-benchmark-tests/huge-schema/prisma.config.ts:5
    url: process.env.DATABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07b852059e44072b Environment-variable access.
repo/packages/type-benchmark-tests/lots-of-relations/prisma.config.ts:5
    url: process.env.DATABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3e5099ee26c1c5 Environment-variable access.
repo/sandbox/basic-postgres/index.ts:6
  const prisma = new PrismaClient({ adapter: new PrismaPg({ connectionString: process.env.TEST_POSTGRES_URI }) })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c0cc672064a3559 Environment-variable access.
repo/sandbox/driver-adapters/src/neon.http.ts:5
  const connectionString = `${process.env.JS_NEON_DATABASE_URL as string}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f4c00b35ce00114 Environment-variable access.
repo/sandbox/driver-adapters/src/neon.ws.ts:12
  const connectionString = `${process.env.JS_NEON_DATABASE_URL as string}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ea11202e5b287dc Environment-variable access.
repo/sandbox/driver-adapters/src/pg.ts:6
  const connectionString = `${process.env.JS_PG_DATABASE_URL as string}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9decbbf15a20810 Environment-variable access.
repo/sandbox/driver-adapters/src/planetscale.ts:5
  const connectionString = `${process.env.JS_PLANETSCALE_DATABASE_URL}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fedc84eb6921ba52 Environment-variable access.
repo/sandbox/driver-adapters/src/ppg.ts:5
  const connectionString = `${process.env.JS_PPG_DATABASE_URL as string}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #483f0d090dc8902f Environment-variable access.
repo/sandbox/studio/prisma.config.ts:12
if (process.env.PROVIDER === 'postgres') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0daa9efda6efad1 Filesystem access.
repo/sandbox/studio/prisma.config.ts:15
  const sql = await readFile(join(__dirname, 'postgres.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56abc0c283e9b12f Environment-variable access.
repo/sandbox/studio/prisma.config.ts:17
  const pool = postgres(process.env.DATABASE_URL_POSTGRES!, { max: 1 })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60c89bbef0c3cc08 Environment-variable access.
repo/sandbox/studio/prisma.config.ts:22
if (process.env.PROVIDER === 'mysql') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af6663c15270a9c4 Filesystem access.
repo/sandbox/studio/prisma.config.ts:25
  const sql = await readFile(join(__dirname, 'mysql.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e87f8ee99d5637c Environment-variable access.
repo/sandbox/studio/prisma.config.ts:29
    uri: process.env.DATABASE_URL_MYSQL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0103995c22db139a Environment-variable access.
repo/sandbox/studio/prisma.config.ts:35
if (process.env.PROVIDER === 'sqlite') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #954822e626298769 Filesystem access.
repo/sandbox/studio/prisma.config.ts:57
  const sql = await readFile(join(__dirname, 'sqlite.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a8ce28a954fc7fb Environment-variable access.
repo/sandbox/studio/prisma.config.ts:70
        const url = new URL(process.env.DATABASE_URL_MYSQL!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6da3cc65989c68c5 Environment-variable access.
repo/sandbox/studio/prisma.config.ts:74
      postgres: () => process.env.DATABASE_URL_POSTGRES!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88f77f76cacb50e4 Environment-variable access.
repo/sandbox/studio/prisma.config.ts:76
    }[process.env.PROVIDER || 'postgres'](),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8273aa5b7d75a1b0 Environment-variable access.
repo/scripts/ci/publish.ts:15
const onlyPackages = process.env.ONLY_PACKAGES ? process.env.ONLY_PACKAGES.split(',') : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8d236353c55b396 Environment-variable access.
repo/scripts/ci/publish.ts:16
const skipPackages = process.env.SKIP_PACKAGES ? process.env.SKIP_PACKAGES.split(',') : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07378cf318130b27 Environment-variable access.
repo/scripts/ci/publish.ts:19
  if (process.env.GITHUB_CONTEXT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe468d7c6eb8306c Environment-variable access.
repo/scripts/ci/publish.ts:20
    const context = JSON.parse(process.env.GITHUB_CONTEXT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd095f8dbf7e631a Filesystem access.
repo/scripts/ci/publish.ts:94
      packageJson: JSON.parse(await fs.promises.readFile(p, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9be9a7cfb988c31 Environment-variable access.
repo/scripts/ci/publish.ts:468
  if (!process.env.GITHUB_REF_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b8d1e6cbbcbbde8 Environment-variable access.
repo/scripts/ci/publish.ts:472
  if (process.env.DRY_RUN === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22e1f67e81401dd3 Environment-variable access.
repo/scripts/ci/publish.ts:479
  if (args['--publish'] && process.env.RELEASE_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a1a3c0ed68dd9a8 Environment-variable access.
repo/scripts/ci/publish.ts:484
    console.log(`Setting --release to RELEASE_VERSION = ${process.env.RELEASE_VERSION}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3ed1ea25ccf5bb3 Environment-variable access.
repo/scripts/ci/publish.ts:485
    args['--release'] = process.env.RELEASE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f6cf0f89f73f5bf Environment-variable access.
repo/scripts/ci/publish.ts:490
  if (process.env.CUSTOM_DIST_TAG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4b6f370749bb1e9 Environment-variable access.
repo/scripts/ci/publish.ts:491
    args['--custom-dist-tag'] = process.env.CUSTOM_DIST_TAG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5cbcc3aa6ecb63f Environment-variable access.
repo/scripts/ci/publish.ts:538
  if (branch && (process.env.FORCE_INTEGRATION_RELEASE === 'true' || branch.startsWith('integration/'))) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0eac375d4cae7ec Environment-variable access.
repo/scripts/ci/publish.ts:573
  if (typeof process.env.GITHUB_OUTPUT == 'string' && process.env.GITHUB_OUTPUT.length > 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90fb497ef9411388 Environment-variable access.
repo/scripts/ci/publish.ts:574
    fs.appendFileSync(process.env.GITHUB_OUTPUT, `patchBranch=${patchBranch}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e0a501abc64340e Environment-variable access.
repo/scripts/ci/publish.ts:575
    fs.appendFileSync(process.env.GITHUB_OUTPUT, `tag=${tag}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90d6ec7b0456f656 Environment-variable access.
repo/scripts/ci/publish.ts:576
    fs.appendFileSync(process.env.GITHUB_OUTPUT, `tagForEcosystemTestsCheck=${tagForEcosystemTestsCheck}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dea4a4c42ff03f6d Environment-variable access.
repo/scripts/ci/publish.ts:577
    fs.appendFileSync(process.env.GITHUB_OUTPUT, `prismaVersion=${prismaVersion}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26b0adb77d5f0d81 Environment-variable access.
repo/scripts/ci/publish.ts:595
      if (!passing && process.env.SKIP_ECOSYSTEMTESTS_CHECK !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #252a1780ab32f287 Environment-variable access.
repo/scripts/ci/publish.ts:617
    if (typeof process.env.GITHUB_OUTPUT == 'string' && process.env.GITHUB_OUTPUT.length > 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2be5d3d6f69442c0 Environment-variable access.
repo/scripts/ci/publish.ts:618
      fs.appendFileSync(process.env.GITHUB_OUTPUT, `enginesCommitHash=${enginesCommitHash}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aff052706f9affd5 Environment-variable access.
repo/scripts/ci/publish.ts:619
      fs.appendFileSync(process.env.GITHUB_OUTPUT, `prismaCommitHash=${prismaCommitHash}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f7c8af0fdb0c512 Filesystem access.
repo/scripts/ci/publish.ts:836
  const file = await fs.promises.readFile(pkgJsonPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b9b3eb0bdef0453 Filesystem access.
repo/scripts/ci/publish.ts:845
    await fs.promises.writeFile(pkgJsonPath, JSON.stringify(packageJson, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a02d0b8306abca Filesystem access.
repo/scripts/ci/publish.ts:851
  const file = await fs.promises.readFile(pkgJsonPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63c6b471f26309c0 Filesystem access.
repo/scripts/ci/publish.ts:857
    await fs.promises.writeFile(pkgJsonPath, JSON.stringify(packageJson, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d03814b491eeb2ca Environment-variable access.
repo/scripts/ci/publish.ts:862
  if (process.env.GITHUB_REF_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a9e3fbcb91392f3 Environment-variable access.
repo/scripts/ci/publish.ts:863
    return process.env.GITHUB_REF_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16f8773a625126b2 Environment-variable access.
repo/scripts/ci/publish.ts:887
  if (process.env.GITHUB_REF_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfafe92bb3e45fb9 Environment-variable access.
repo/scripts/ci/publish.ts:888
    const versions = getSemverFromPatchBranch(process.env.GITHUB_REF_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce62b08499485f98 Environment-variable access.
repo/scripts/ci/publish.ts:892
      return process.env.GITHUB_REF_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d59dd1d0882af6 Environment-variable access.
repo/scripts/ci/publish.ts:913
  const webhook = new IncomingWebhook(process.env.SLACK_RELEASE_FEED_WEBHOOK!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9e59c455d7351d4 Filesystem access.
repo/scripts/graph-dependencies.ts:1
import { readdirSync, statSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e32426feacee1499 Environment-variable access.
repo/scripts/only-allow-pnpm.js:6
  if (!process.env.npm_config_user_agent) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af822438dd4182b7 Environment-variable access.
repo/scripts/only-allow-pnpm.js:9
  return pmFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b518526b29f4f9a Environment-variable access.
repo/scripts/run-studio.ts:20
  const url = process.env.STUDIO_DATABASE_URL ?? process.argv[2]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77c5ce9da4e81c64 Environment-variable access.
repo/scripts/run-studio.ts:21
  const port = process.env.STUDIO_PORT ?? process.argv[3] ?? '5555'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02476d3e2aaf5cde Environment-variable access.
repo/scripts/run-studio.ts:22
  const browser = process.env.STUDIO_BROWSER ?? process.argv[4] ?? 'none'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
222 low-confidence finding(s)
low env_fs production #7765f9cf508f9af1 Filesystem access.
repo/packages/cli/helpers/build.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e402bca0fd3f0242 Environment-variable access.
repo/packages/cli/helpers/build.ts:153
const optionalPlugins = process.env.DEV === 'true' ? [] : [cliTypesBuildConfig, cliConfigBuildConfig]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2dd47f27ef8da7 Environment-variable access.
repo/packages/cli/jest.setup.js:11
  process.env['JITI_ALIAS'] = JSON.stringify({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fe69bf3d81d0ef9 Environment-variable access.
repo/packages/cli/jest.setup.js:18
  delete process.env['JITI_ALIAS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4197781df36416f1 Environment-variable access.
repo/packages/cli/src/DebugInfo.ts:66
      const value = process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ae4c5e695106605 Filesystem access.
repo/packages/cli/src/Format.ts:106
      await fs.writeFile(filename, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c6007dfd2f9a981 Filesystem access.
repo/packages/cli/src/Generate.ts:23
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #511ba84b4b2857d9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/Init.ts:467
              await fetch(`https://prisma-generate-server.prisma.workers.dev/`, {
                method: 'POST',
                headers: {
                  'Content-Type': 'application/json',
                },
                body: JSON.stringify({
                  description: prompt,
                }),
              })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3449d9c7d811f268 Filesystem access.
repo/packages/cli/src/Init.ts:656
      const envFile = fs.readFileSync(envPath, { encoding: 'utf8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab2e996b4cac30d Environment-variable access.
repo/packages/cli/src/Studio.ts:320
        const browser = args['--browser'] || process.env.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcaa2003e7b9ae56 Filesystem access.
repo/packages/cli/src/Studio.ts:644
      return await readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d1aaf016c90e7bf Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:3
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b1a56b275edc660 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:15
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7a5043853eed922 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:19
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f8591aa7a5f3599 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:22
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d954b5952bde9637 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:48
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #accca50a83c15ad1 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:56
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed6699d2f6dfe110 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:68
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e361409e07d7dc9 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:96
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07cc883b65c02d2d Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:104
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924846bf12423f2c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:116
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85f161bbb39def8f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:144
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c309f5112414676 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:152
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b8c63ed7b61f44e Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:164
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4517c4bf5b70124 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:179
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b28208de1c2eb6ca Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:187
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d645f96a5fca6400 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:199
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14fcaa72d61620ba Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:209
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7f3edb0c1ad29c0 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:217
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15b69e93f8a4058c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:229
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c745164551b7e52 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:239
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de3c02df38c36162 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:247
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56ca05546eb7d28b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:259
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e44732e608029def Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:271
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60ca2818190cdbdd Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:279
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f340b6d6ac9caf5f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:291
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7456a20b1eb3d2c6 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:301
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #981ef034a7004d2d Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:309
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66e64c69e5891b5c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:321
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d9442c161de4009 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:336
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0eee5f33601bce1f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:340
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4f96309ef744dfb Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:352
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cb0e2dae7c380d4 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:356
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c91826dda5cc90f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:368
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df3160a323a06779 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:372
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f26d429d89d74829 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:387
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4ef72a0819d4cbe7 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:395
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42c2e06aa5fde206 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:405
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d638f11a737cc16 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:413
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82f50e13ebcd2bce Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:425
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c1dd5223a0a02b6 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:433
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e248c23000be46af Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:443
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21062a5ab3416e3b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:451
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d800f3c80d2fed6 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:457
  fs.writeFileSync(join(ctx.tmpDir, '.env'), `DATABASE_URL="postgres://dont:overwrite@me:5432/tests"`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dc6e05fafa5403a Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:461
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f60a66b599be42e0 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:465
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5674782e9edcde70 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:468
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16677c972b6cbcc3 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:474
  fs.writeFileSync(join(ctx.tmpDir, '.env'), `SOMETHING="is here"`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4da44a7620ff429f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:478
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d7eb9c126ff3008 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:482
  const env = fs.readFileSync(join(ctx.tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac6c15c7d9416182 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:486
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee60673f96d3b20c Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:494
  const gitignore = fs.readFileSync(join(ctx.tmpDir, '.gitignore'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #512e8e69080cd40b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:497
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a30695a24fdfb94f Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:505
  fs.writeFileSync(gitignorePath, `# This should not be overridden`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f4194abc5223601 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:506
  fs.readFileSync(gitignorePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c279b8daea4f4bdc Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:508
  const gitignoreAfter = fs.readFileSync(gitignorePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fe7624346a4ec56b Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:511
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31887d677fe353a4 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:519
  const schema = fs.readFileSync(join(ctx.tmpDir, 'prisma', 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #810afebb22bd5528 Filesystem access.
repo/packages/cli/src/__tests__/Init.vitest.ts:522
  const config = fs.readFileSync(join(ctx.tmpDir, 'prisma.config.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9da7a583b9e6c35 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:15
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c645c7aeb2613881 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:21
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a7e84ca61f58915 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:23
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2368e3b0bdc897e9 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:44
    process.env.FORCE_PANIC_SCHEMA_ENGINE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8dce02430afc98f6 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:74
    process.env.FORCE_PANIC_PRISMA_SCHEMA = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea09a8a55a77275c Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:100
    process.env.FORCE_PANIC_GET_CONFIG = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93a1f7d020582657 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:126
    process.env.FORCE_PANIC_GET_DMMF = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1dbe2ff994b6e351 Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:144
    process.env.FORCE_PANIC_GET_DMMF = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7074159b85e902e Environment-variable access.
repo/packages/cli/src/__tests__/artificial-panic.test.ts:170
    process.env.FORCE_PANIC_GET_DMMF = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #58ca28508ca8a289 Filesystem access.
repo/packages/cli/src/__tests__/commandState.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6430993facbe91a Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:18
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4e49f9443aecf04 Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:24
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2609c208615be2ce Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:26
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0248b5bcc869c76d Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:70
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d2e0e701cebced2 Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:82
    Object.keys(envVars).map((key) => delete process.env[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91d9bb7b5decd8df Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:86
    process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d28a4fc9b107213 Environment-variable access.
repo/packages/cli/src/__tests__/commands/DebugInfo.test.ts:160
    process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #236c66ad18064ff7 Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:19
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae48f52b9cc98edc Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:25
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #574ee45039b0712b Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:27
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8abe0ee50c42240b Filesystem access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:265
    expect(fs.readFileSync('schema.prisma', { encoding: 'utf-8' })).toMatchSnapshot()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34590297a72aa31f Filesystem access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:271
    expect(fs.readFileSync('missing-backrelation.prisma', { encoding: 'utf-8' })).toMatchSnapshot()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d60151aa9770ed4e Environment-variable access.
repo/packages/cli/src/__tests__/commands/Format.test.ts:312
    process.env.PRISMA_DISABLE_WARNINGS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cef66e9d766946bb Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:18
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c27617ad8c2da8cc Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:24
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee590d15515f67b Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:26
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b099d075273d32af Environment-variable access.
repo/packages/cli/src/__tests__/commands/Validate.test.ts:292
    process.env.PRISMA_DISABLE_WARNINGS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92c86e5013cba504 Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:7
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d36e79213bbf91ba Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:63
      fs.writeFileSync('script.sql', dbExecuteSQLScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3acacd91eaa1c86 Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:140
      fs.writeFileSync('script.sql', dbExecuteSQLScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73aabb6a2dd0c7ff Filesystem access.
repo/packages/cli/src/__tests__/incomplete-schemas.test.ts:241
      fs.writeFileSync('script.sql', dbExecuteSQLScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cd1c9472f3c433e Filesystem access.
repo/packages/cli/src/__tests__/nps.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41861adb38979e47 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:20
        delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab28d913930e01a1 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:26
        delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21666fb0a26b01ae Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:28
        process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26ebd72ef40e4e80 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:40
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc34ba88447d4ba9 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:65
    process.env.CI = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #868768fad78b8fd3 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:134
    process.env.KUBERNETES_SERVICE_HOST = '10.96.0.1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3a9db928a96767f Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:155
    process.env.GIT_EXEC_PATH = '/nix/store/9z3jhc0rlj3zaw8nd1zka9vli6w0q11g-git-2.47.2/libexec/git-core'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e51d2d884a0bc631 Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:176
    process.env.npm_command = 'install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e172a8c3a37ee8c Environment-variable access.
repo/packages/cli/src/__tests__/nps.test.ts:177
    process.env.npm_lifecycle_event = 'prepare'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbf139c09d11aaaa Environment-variable access.
repo/packages/cli/src/__tests__/printUpdateMessage.test.ts:32
  originalPrismaHideUpdateMessageEnv = process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cecd7a1e6394056a Environment-variable access.
repo/packages/cli/src/__tests__/printUpdateMessage.test.ts:33
  delete process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96c23017fe5d75fb Environment-variable access.
repo/packages/cli/src/__tests__/printUpdateMessage.test.ts:38
  process.env.PRISMA_HIDE_UPDATE_MESSAGE = originalPrismaHideUpdateMessageEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c23062e5ac5d74bb Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:11
    originalPrismaHideUpdateMessageEnv = process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9742af2b1750dbf3 Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:12
    delete process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #324cfb2e138b9283 Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:16
    process.env.PRISMA_HIDE_UPDATE_MESSAGE = originalPrismaHideUpdateMessageEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8db2ae1f84c7de8e Environment-variable access.
repo/packages/cli/src/__tests__/update-message.test.ts:144
    process.env.PRISMA_HIDE_UPDATE_MESSAGE = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #936a1f40f50344ff Filesystem access.
repo/packages/cli/src/bootstrap/Bootstrap.ts:288
          const envContent = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #183ebbbc1979ace5 Environment-variable access.
repo/packages/cli/src/bootstrap/Bootstrap.ts:294
        process.env.DATABASE_URL = databaseUrl

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #757deb62a0dbbdd3 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:160
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5190d62b973c9f90 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:206
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc61b90b1cf60938 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:234
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5aff1810a76236df Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:266
    fs.writeFileSync(path.join(prismaDir, 'schema.prisma'), 'datasource db { provider = "postgresql" }', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #888788a888db3738 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:293
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db { provider = "postgresql" }
model User { id Int @id }
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b03c1be70bab8796 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:324
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd206618287db46c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:327
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40525b9d1c77b536 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:363
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89315cb5c4bdb1e4 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:366
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e3a03c9833b057a Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:396
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c287bce35c091811 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:399
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7eb10a91fa07bd28 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:430
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bad8f8f505d76cae Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:437
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0596f6f10e268a8 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:464
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ec9a9f2e69bd119 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:471
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05c9ecd7492ff8f7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:503
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d05f5224a5b3ecd1 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:510
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5ac4e177f63b34b Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:542
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      '{"name":"test","prisma":{"seed":"npx tsx prisma/seed.ts"}}',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f30f1a94b7b2fe8 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:549
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      'datasource db { provider = "postgresql" }\nmodel User { id Int @id }',
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40857d6f3e83e0d1 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/Bootstrap.vitest.ts:582
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"name":"test"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cdbe8546ce8d5638 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:32
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0941505f894fdeb Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:41
    fs.writeFileSync(path.join(prismaDir, 'schema.prisma'), `datasource db { provider = "postgresql" }`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fb633cf24300fd0 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:49
    fs.writeFileSync(path.join(tmpDir, 'schema.prisma'), `datasource db { provider = "postgresql" }`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71a8f5a057dc6d04 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:58
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db {
  provider = "postgresql"
  url = env("DATABASE_URL")
}

model User {
  id   Int    @id @default(autoincrement())
  name String
}
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #568206fa4c95e07a Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:79
    fs.writeFileSync(path.join(tmpDir, 'prisma.config.ts'), 'export default {}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3c17f0ba3e34559c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:86
    fs.writeFileSync(path.join(tmpDir, '.env'), 'DATABASE_URL=test', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e96e125a0c2a24f Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:93
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      JSON.stringify({ prisma: { seed: 'ts-node prisma/seed.ts' } }),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23ab8e35bea5772c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:104
    fs.writeFileSync(path.join(tmpDir, 'package.json'), JSON.stringify({ prisma: { seed: '' } }), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e328c5b22b46af7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:111
    fs.writeFileSync(path.join(tmpDir, 'package.json'), JSON.stringify({ name: 'test' }), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24864a8321e7a653 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:118
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `import { defineConfig } from 'prisma/config'\nexport default defineConfig({ migrations: { seed: 'tsx ./prisma/seed.ts' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7f5941af186e29c Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:129
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({\n  migrations: {\n    seed: "npx tsx prisma/seed.ts",\n  },\n})`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f409c55f1af3cf5 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:140
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({ migrations: { path: 'prisma/migrations' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1709b76c359807e5 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:159
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db { provider = "postgresql" }

model User {
  id   Int    @id
  name String
  posts Post[]
}

model Post {
  id     Int    @id
  title  String
  author User   @relation(fields: [authorId], references: [id])
  authorId Int
}
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28c599681d3c2226 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:186
    fs.writeFileSync(path.join(prismaDir, 'schema.prisma'), `datasource db { provider = "postgresql" }`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b134695bafe63c1 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:198
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      JSON.stringify({ prisma: { seed: 'ts-node prisma/seed.ts' } }),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #636d0740a8ab787b Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:208
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({ migrations: { seed: 'npx tsx prisma/seed.ts' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #43627efe43fd6717 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:218
    fs.writeFileSync(
      path.join(tmpDir, 'package.json'),
      JSON.stringify({ prisma: { seed: 'ts-node prisma/seed.ts' } }),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e44a3121fb84413a Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/project-state.vitest.ts:223
    fs.writeFileSync(
      path.join(tmpDir, 'prisma.config.ts'),
      `export default defineConfig({ migrations: { seed: 'npx tsx prisma/seed.ts' } })`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8542cb17544b48c7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:36
    fs.writeFileSync(path.join(tmpDir, 'pnpm-lock.yaml'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f7132d0f4ce95cc Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:41
    fs.writeFileSync(path.join(tmpDir, 'yarn.lock'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a02954340930f48 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:50
    fs.writeFileSync(path.join(tmpDir, 'pnpm-lock.yaml'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc594ec68b23fdea Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:51
    fs.writeFileSync(path.join(tmpDir, 'yarn.lock'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbbbc638390de47b Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:56
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99cce3fe91bc7d83 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:61
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2fa07ef4a6c8265 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:66
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9aee6e2df0c0a82 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:71
    fs.writeFileSync(path.join(tmpDir, 'yarn.lock'), '', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e829fd715d629c7 Filesystem access.
repo/packages/cli/src/bootstrap/__tests__/template-scaffold.vitest.ts:72
    fs.writeFileSync(path.join(tmpDir, 'package.json'), '{"packageManager":"[email protected]"}', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99516ebaf5c4338e Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:34
    const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #053688643e14e6f6 Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:48
    const content = fs.readFileSync(configPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24ca963f5fdd6678 Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:59
    const content = fs.readFileSync(schemaPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d62fc3376f995a Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:71
      const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be78bbff555db74a Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:81
      const content = fs.readFileSync(configPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93e6d747aadb645e Filesystem access.
repo/packages/cli/src/bootstrap/project-state.ts:97
      const content = fs.readFileSync(schemaPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd0ca91cbcfcafa7 Environment-variable access.
repo/packages/cli/src/bootstrap/telemetry.ts:6
  return Boolean(process.env.CHECKPOINT_DISABLE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ba547000b2966552 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/bootstrap/template-scaffold.ts:54
  const response = await fetch(PRISMA_EXAMPLES_TARBALL_URL, {
    headers: { Accept: 'application/vnd.github+json', 'User-Agent': 'prisma-cli' },
    redirect: 'follow',
    signal: AbortSignal.timeout(120_000),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a98db50d28c57bfe Filesystem access.
repo/packages/cli/src/bootstrap/template-scaffold.ts:82
        fs.writeFileSync(destPath, tarBuffer.subarray(offset, offset + header.size))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba8930e5c34b603 Filesystem access.
repo/packages/cli/src/bootstrap/template-scaffold.ts:161
      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ae4d2d059281e98 Filesystem access.
repo/packages/cli/src/generate/introspectSql.ts:4
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #387767d71e55d844 Filesystem access.
repo/packages/cli/src/generate/introspectSql.ts:39
    const source = await fs.readFile(path.join(typedSqlDirPath, fileName), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1210aba064312201 Filesystem access.
repo/packages/cli/src/init/file-writer.ts:17
    fs.writeFileSync(absPath, content, options)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58f0696425137aa3 Environment-variable access.
repo/packages/cli/src/postgres/link/Link.ts:43
  return process.env.PRISMA_MANAGEMENT_API_URL ?? DEFAULT_MANAGEMENT_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b8f47bb0037cd0 Environment-variable access.
repo/packages/cli/src/postgres/link/Link.ts:182
    const apiKey = explicitApiKey ?? (databaseId ? process.env.PRISMA_API_KEY : undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4cb12ed319d2dad Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:119
    const envContent = fs.readFileSync(path.join(tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b7de5d0615cdfe0 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:139
    fs.writeFileSync(
      path.join(prismaDir, 'schema.prisma'),
      `
datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

model User {
  id    Int    @id @default(autoincrement())
  name  String
}
`,
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5a3b186e80a12c4 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:198
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b5699bb6f9d6037d Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/Link.vitest.ts:216
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ea747b468ff6347 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:31
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17eef3a680b459ad Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:37
    fs.writeFileSync(envPath, 'EXISTING_VAR="hello"\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4518db80459b95f5 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:47
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #363e17c3cab8a979 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:53
    fs.writeFileSync(envPath, 'DATABASE_URL="old-value"\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73d621c57f650572 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:63
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e24c681af098b6 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:69
    fs.writeFileSync(envPath, 'DATABASE_URL="old-value"\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de8144d906686b21 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:79
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7d72ccea11da1df Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:90
    const content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f8f6e667edbd441 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:101
    fs.writeFileSync(path.join(tmpDir, '.gitignore'), 'node_modules\n.env\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6eb70b4b143caf9 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:106
    fs.writeFileSync(path.join(tmpDir, '.gitignore'), '/.env\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6608ac416a075a08 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:111
    fs.writeFileSync(path.join(tmpDir, '.gitignore'), 'node_modules\ndist\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d55976820ad06405 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:126
    const envContent = fs.readFileSync(path.join(tmpDir, '.env'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72ca6702f932a71e Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:137
    fs.writeFileSync(path.join(tmpDir, '.env'), "DATABASE_URL='postgres://localhost:5432/mydb'\n", 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cd8feabf750caa6 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:142
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a59c7595025493a Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:151
    fs.writeFileSync(
      path.join(tmpDir, '.env'),
      "DATABASE_URL='postgres://user:[email protected]:5432/postgres'\n",
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e94feeb7146ea3f9 Filesystem access.
repo/packages/cli/src/postgres/link/__tests__/local-setup.vitest.ts:160
    fs.writeFileSync(path.join(tmpDir, '.env'), "OTHER_VAR='value'\n", 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d2901ff4e06e75 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:22
    fs.writeFileSync(envPath, lines.join('\n') + '\n', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #868b73f578c73621 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:28
  let content = fs.readFileSync(envPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e8e22d3517e247 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:46
  fs.writeFileSync(envPath, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8585eff48898e5d Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:61
  const content = fs.readFileSync(gitignorePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0ab1127b9b78de4 Filesystem access.
repo/packages/cli/src/postgres/link/local-setup.ts:87
  const parsed = dotenv.parse(fs.readFileSync(envPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dd340c13676d3400 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/status-page.ts:156
    const response = await fetch(SUMMARY_API_URL, { signal: AbortSignal.timeout(10_000) })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #31ff61e1d27981ff Environment-variable access.
repo/packages/cli/src/utils/checkpoint.ts:37
  if (process.env['CHECKPOINT_DISABLE']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dc3533294fd96a4 Environment-variable access.
repo/packages/cli/src/utils/checkpoint.ts:94
      information: args['--telemetry-information'] || process.env.PRISMA_TELEMETRY_INFORMATION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d88db52db4e5b304 Filesystem access.
repo/packages/cli/src/utils/commandState.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99e3275b173447dc Filesystem access.
repo/packages/cli/src/utils/commandState.ts:19
  const data = await fs.promises
    .readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a6cd00fdbcf784a Filesystem access.
repo/packages/cli/src/utils/commandState.ts:25
    await fs.promises.writeFile(filePath, JSON.stringify(state))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a63f468d03dc8655 Filesystem access.
repo/packages/cli/src/utils/getClientVersion.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4580c2f0c79641bc Filesystem access.
repo/packages/cli/src/utils/getClientVersion.ts:23
    const pkgJsonString = await fs.promises.readFile(pkgJsonPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81d8f97723eecba7 Filesystem access.
repo/packages/cli/src/utils/getClientVersion.ts:47
    const pkgJsonString = await fs.promises.readFile(pkgJsonPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #52f6eb0a1b6ae2a9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/utils/nps/capture.ts:11
const posthogCaptureUrl = new URL('https://proxyhog.prisma-data.net/capture')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7fc6d94a50265011 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/utils/nps/status.ts:14
const npsStatusUrl = new URL('https://pub-833f4cf4b3dc4d17a6db4981affc9fbb.r2.dev/timeframe.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8b5ef3a4819488b7 Filesystem access.
repo/packages/cli/src/utils/nps/survey.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832aa5ee2e41310b Filesystem access.
repo/packages/cli/src/utils/nps/survey.ts:165
  const data = await fs.promises
    .readFile(getConfigPath(), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc4de0bddfe9e7dd Filesystem access.
repo/packages/cli/src/utils/nps/survey.ts:187
  await fs.promises.writeFile(configPath, JSON.stringify(config))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #275683455ff20882 Environment-variable access.
repo/packages/cli/src/utils/printUpdateMessage.ts:8
  const shouldHide = process.env.PRISMA_HIDE_UPDATE_MESSAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e7dc6526054354b Filesystem access.
repo/packages/cli/src/utils/prompt/utils/isDirEmpty.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/client

npm first-party
99 low-confidence finding(s)
low env_fs production #550c2e4491a04b66 Filesystem access.
repo/packages/client/helpers/build.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a89a1fe4f18c516 Environment-variable access.
repo/packages/client/helpers/build.ts:31
const shouldMinify = !process.env.DEV && process.env.MINIFY !== 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7048427f972d9c26 Filesystem access.
repo/packages/client/helpers/build.ts:178
                  const wasmBuffer = fs.readFileSync(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127c187063be0ff2 Filesystem access.
repo/packages/client/helpers/build.ts:185
                    fs.writeFileSync(base64FilePath, base64Content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6d8f589179882e5 Filesystem access.
repo/packages/client/helpers/build.ts:211
  fs.writeFileSync(path.join(runtimeDir, fileName), 'export * from "./client"\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a544092adb24fc Environment-variable access.
repo/packages/client/helpers/jestSetup.js:1
process.env.PRISMA_HIDE_PREVIEW_FLAG_WARNINGS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #909f0a641258b401 Filesystem access.
repo/packages/client/helpers/new-test/new-test.ts:2
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d305ee2166c64ba5 Filesystem access.
repo/packages/client/helpers/new-test/new-test.ts:116
  await fs.writeFile(at, template(relImport))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03dc964f85f7a916 Environment-variable access.
repo/packages/client/scripts/colors.js:14
    colors.enabled = process.env.FORCE_COLOR !== '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b24a1a192db4841 Filesystem access.
repo/packages/client/src/__tests__/benchmarks/huge-schema/builder.ts:3
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67f104413018414f Filesystem access.
repo/packages/client/src/__tests__/benchmarks/huge-schema/builder.ts:10
  fs.writeFileSync(location, data, {})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #376f23a0e0191021 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/huge-schema/huge-schema.bench.ts:26
if (!process.env.CODSPEED_BENCHMARK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cfa3b23c4841be86 Filesystem access.
repo/packages/client/src/__tests__/benchmarks/lots-of-relations/builder.ts:1
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62842cb38bebd774 Filesystem access.
repo/packages/client/src/__tests__/benchmarks/lots-of-relations/builder.ts:39
  await fs.writeFile('schema.prisma', str)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ea528f6bdade21d Filesystem access.
repo/packages/client/src/__tests__/benchmarks/query-performance/caching.bench.ts:18
const BENCHMARK_DATAMODEL = fs.readFileSync(path.join(__dirname, 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #477183ee25412226 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:16
        if (process.env.LOCAL_QC_BUILD_DIRECTORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5652024261db2a25 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:17
          runtimePath = path.join(process.env.LOCAL_QC_BUILD_DIRECTORY, provider, 'query_compiler_fast_bg.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6f6144f8a42e154 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:25
        if (process.env.LOCAL_QC_BUILD_DIRECTORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0b0760736c8c1f5 Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:26
          const wasmPath = path.join(process.env.LOCAL_QC_BUILD_DIRECTORY, provider, 'query_compiler_fast_bg.wasm')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efb8c1cd945b948e Filesystem access.
repo/packages/client/src/__tests__/benchmarks/query-performance/qc-loader.ts:27
          moduleBytes = await fs.promises.readFile(wasmPath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a173e4480345315d Environment-variable access.
repo/packages/client/src/__tests__/benchmarks/query-performance/query-performance.bench.ts:257
  if (process.env.CODSPEED_BENCHMARK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de2a7f038374e160 Filesystem access.
repo/packages/client/src/__tests__/dmmfTypes.test.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a7d0f95a6db6217 Filesystem access.
repo/packages/client/src/__tests__/dmmfTypes.test.ts:33
  fs.writeFileSync(target, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7901f33409dade88 Environment-variable access.
repo/packages/client/src/__tests__/integration/__helpers__/migrateDb.ts:10
  const databaseUrl = process.env.DATABASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cf7909a4f077960 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/executeRaw-alter-postgres/test.ts:11
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-execute-raw-alter')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #016b5bc53ca550d7 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/executeRaw-alter-postgres/test.ts:12
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2fd643091885af1 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/int-errors/test.ts:12
    let connectionString = process.env.TEST_MYSQL_URI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee1a9d65f9f2609b Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/multi-schema/test.ts:18
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-multischema')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #150afe926d5487b4 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/multi-schema/test.ts:19
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1d675d01a416663 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/multi-schema/test.ts:21
      connectionString: process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cb872947639e805 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-mysql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-referentialActions-onDelete-default')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78f1880bf53e194b Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-mysql/test.ts:12
    await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #878d2052ec72e38d Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-postgresql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98bfe483152b6b41 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-postgresql/test.ts:15
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38e174a114ea7135 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-sqlserver/test.ts:10
describeIf(!process.env.TEST_SKIP_MSSQL)('referentialActions-onDelete-default-foreign-key-error(sqlserver)', () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5ad0960a4e70bc0 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-sqlserver/test.ts:12
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b2dc0191aab68f4 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/referentialActions-onDelete-default-foreign-key-error-sqlserver/test.ts:15
    process.env.DATABASE_URL = process.env.TEST_MSSQL_JDBC_URI.replace('master', 'referentialActions-onDelete-default')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf3ba1c24887148c Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-mysql/test.ts:11
  process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-wrong-native-types')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d50164910e891b48 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-mysql/test.ts:12
  await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21b1ed7eb9e2dafd Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-postgres/test.ts:11
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-wrong-native-types-tests')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2eba9a6629f22ab9 Environment-variable access.
repo/packages/client/src/__tests__/integration/errors/wrong-native-types-postgres/test.ts:12
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d40dcc8ac79c88b6 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/insensitive-postgresql-feature-flag/test.ts:7
  const connectionString = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-insensitive-postgresql-feature-flag')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9784d27583ed47b7 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/insensitive-postgresql/test.ts:7
  const connectionString = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-insensitive-postgresql')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e12faf5697e460a Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-mysql/test.ts:13
    process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-json-filtering')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28615e183c562a53 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-mysql/test.ts:14
    await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03456b0cbfc0afb7 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-postgres/test.ts:12
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53ca049d22e2603a Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-postgres/test.ts:19
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-json-filtering')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cae7709b09a90fd Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/json-filtering-postgres/test.ts:20
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #edfad267ee8f8705 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/mysql-binary-id/test.ts:8
  process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-mysql-binary-id')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88b5fade332d3f33 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/mysql-binary-id/test.ts:9
  await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1010463d5d4d8595 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-mysql/test.ts:9
  process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-native-types')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92b720c8a2e10bc3 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-mysql/test.ts:10
  await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7ef30ee51b5d65e Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-postgres/test.ts:9
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-native-types-tests')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6df1f77f0bac525 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/native-types-postgres/test.ts:10
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf0b6efb8457ba9b Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f379da33ced138d1 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:6
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100cade7cfd6c8d8 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:20
  const generatedTypeScript = fs.readFileSync(path.join(clientDir, './node_modules/.prisma/client/index.d.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2cb1b44c9c8c475 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/common.ts:21
  const generatedBrowserJS = fs.readFileSync(
    path.join(clientDir, './node_modules/.prisma/client/index-browser.js'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca9e85f7639c11c6 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/dmmf-types.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7974c87fcad87c8e Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/dmmf-types.test.ts:17
  const datamodel = fs.readFileSync(path.join(__dirname, 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8166e560e2d3b3d Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema-mongo/dmmf-types.test.ts:21
  fs.writeFileSync(
    dmmfFile,
    `import type * as DMMF from '@prisma/dmmf'

  const dmmf: DMMF.Document = ${JSON.stringify(dmmf, null, 2)}`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6871937932b9b13 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab9690c239f3a313 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:6
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3be6c003a3608bd9 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:20
  const generatedTypeScript = fs.readFileSync(path.join(clientDir, './node_modules/.prisma/client/index.d.ts'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #364a9dbabdf444d5 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/common.ts:21
  const generatedBrowserJS = fs.readFileSync(
    path.join(clientDir, './node_modules/.prisma/client/index-browser.js'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9059f761965b6376 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/dmmf-types.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7a33e1fbe0ba090 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/dmmf-types.test.ts:17
  const datamodel = fs.readFileSync(path.join(__dirname, 'schema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3bdbd6b3521ba302 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/not-so-exhaustive-schema/dmmf-types.test.ts:21
  fs.writeFileSync(
    dmmfFile,
    `import type * as DMMF from '@prisma/dmmf'

  const dmmf: DMMF.Document = ${JSON.stringify(dmmf, null, 2)}`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1db7fbb2fd6e72c4 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/postgres-json-list/test.ts:8
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-json-postgres')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c483ab9a69ce03fe Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/postgres-json-list/test.ts:9
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b05a2c99c8470706 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-mysql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-referentialActions-onDelete-Cascade')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41c4fb8e83421034 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-mysql/test.ts:12
    await tearDownMysql(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #693096c77878d89b Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-postgresql/test.ts:11
    process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09e0bdd9e3f65818 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-postgresql/test.ts:15
    await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #09822eace027aa0e Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-sqlserver/test.ts:9
describeIf(!process.env.TEST_SKIP_MSSQL)('referentialActions(sqlserver)', () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65ecd8efcb3805f3 Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/referentialActions-onDelete-cascade-sqlserver/test.ts:11
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79d421a79529298e Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/scalar-list/test.ts:8
  process.env.DATABASE_URL = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-scalar-list-test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e5b59d0a9b7f8b Environment-variable access.
repo/packages/client/src/__tests__/integration/happy/scalar-list/test.ts:9
  await tearDownPostgres(process.env.DATABASE_URL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #657cc8b607dbcbd2 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/sqlite-variable-limit/test.ts:5
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bc4dd5f33aed11f Filesystem access.
repo/packages/client/src/__tests__/integration/happy/transaction/test.ts:3
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c226e530535c7922 Filesystem access.
repo/packages/client/src/__tests__/integration/happy/uncheckedScalarInputs/test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a44fac483cc74214 Filesystem access.
repo/packages/client/src/__tests__/typeDeclaration.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5caeed26bae63fe9 Filesystem access.
repo/packages/client/src/__tests__/typeDeclaration.test.ts:10
      const dtsContents = fs.readFileSync(path.join(runtimeDir, file), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #741ae96cfa56a706 Environment-variable access.
repo/packages/client/src/__tests__/validatePrismaClientOptions.test.ts:15
    globalEngineTypeOverride = process.env.PRISMA_CLIENT_ENGINE_TYPE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65c0272c14d198f4 Environment-variable access.
repo/packages/client/src/__tests__/validatePrismaClientOptions.test.ts:16
    delete process.env.PRISMA_CLIENT_ENGINE_TYPE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18a6383bd1122cce Environment-variable access.
repo/packages/client/src/__tests__/validatePrismaClientOptions.test.ts:21
      process.env.PRISMA_CLIENT_ENGINE_TYPE = globalEngineTypeOverride

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d324503851de5c32 Environment-variable access.
repo/packages/client/src/runtime/RequestHandler.ts:171
    if (process.env.PRISMA_CLIENT_GET_TIME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca7fc630d8a770b5 Environment-variable access.
repo/packages/client/src/runtime/core/engines/accelerate/getUrlAndApiKey.ts:52
  if (process.env.TEST_CLIENT_ENGINE_REMOTE_EXECUTOR && url.searchParams.has('use_http')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ee2b4b57380d759 Environment-variable access.
repo/packages/client/src/runtime/getPrismaClient.ts:463
        } else if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a286eedb44434cb Environment-variable access.
repo/packages/client/src/runtime/getPrismaClient.ts:465
        } else if (process.env.NO_COLOR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4e47e2fbe5b875f Filesystem access.
repo/packages/client/src/runtime/utils/SourceFileSlice.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd0a227a1e5570d9 Filesystem access.
repo/packages/client/src/runtime/utils/SourceFileSlice.ts:22
      content = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6f17ffd34bd864b Environment-variable access.
repo/packages/client/src/runtime/utils/createErrorMessageWithContext.ts:86
  if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f27dcd744e7cd6d Filesystem access.
repo/packages/client/src/utils/setupMSSQL.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4791fa7075fd358 Filesystem access.
repo/packages/client/src/utils/setupMSSQL.ts:30
  const schema = fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca6512f05d51b0ae Filesystem access.
repo/packages/client/src/utils/setupMysql.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e533bece402141fe Filesystem access.
repo/packages/client/src/utils/setupMysql.ts:14
  const schema = fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eb4af29c647d64c Filesystem access.
repo/packages/client/src/utils/setupPostgres.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fee8bdc15456c84 Filesystem access.
repo/packages/client/src/utils/setupPostgres.ts:14
  const schema = fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/client-generator-js

npm first-party
9 low-confidence finding(s)
low env_fs production #2af7c08c34e90f98 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:13
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7aa4aa2eaee173f Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:378
  await fs.writeFile(schemaTargetPath, datamodel, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ffc2bd7e331eae6 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:393
    await fs.writeFile(path.join(outputDir, `${filename}.wasm`), Buffer.from(wasmBase64, 'base64'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17d070125891d60 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:403
    await fs.writeFile(signalsPath, Date.now().toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04f9c5ba77dc2d49 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:416
        await fs.writeFile(absolutePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ade5f5ad24bfe07 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:559
    content = await fs.readFile(path.join(directory, 'package.json'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2acbccb289c72cc4 Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:633
        const content = await fs.readFile(sourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0f3281c292d1c7c Filesystem access.
repo/packages/client-generator-js/src/generateClient.ts:634
        await fs.writeFile(targetPath, addPreamble(content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #646d826415017628 Environment-variable access.
repo/packages/client-generator-js/src/generator.ts:80
      copyRuntimeSourceMaps: Boolean(process.env.PRISMA_COPY_RUNTIME_SOURCEMAPS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/client-generator-ts

npm first-party
4 low-confidence finding(s)
low env_fs production #351d2f903f5a5d98 Environment-variable access.
repo/packages/client-generator-ts/src/file-extensions.ts:15
  if (!recommended.includes(extension) && !process.env.PRISMA_DISABLE_WARNINGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16aff9d80ddd6d68 Filesystem access.
repo/packages/client-generator-ts/src/generateClient.ts:245
        await fs.writeFile(absolutePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f2ed4a66dd149f5 Filesystem access.
repo/packages/client-generator-ts/src/utils/wasm.ts:125
    return fs.readFileSync(bundledLocation)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab1d10a0290e003 Filesystem access.
repo/packages/client-generator-ts/src/utils/wasm.ts:129
    return fs.readFileSync(sourceLocation)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/config

npm first-party
15 low-confidence finding(s)
low env_fs test-only #2f7b78c147298dab Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:6
const originalValue = process.env[VAR_NAME]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca75f3ba59ffe0a0 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:10
    delete process.env[VAR_NAME]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aee6e0f57bfc6572 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:15
      delete process.env[VAR_NAME]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #263c4e2c510005a9 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:17
      process.env[VAR_NAME] = originalValue

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3b4bfcedd457c3 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:22
    process.env[VAR_NAME] = 'postgresql://example'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #180df11df4e2f703 Environment-variable access.
repo/packages/config/src/__tests__/env.test.ts:34
    process.env[VAR_NAME] = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5adb6d1c477b6db0 Environment-variable access.
repo/packages/config/src/__tests__/fixtures/loadConfigFromFile/datasource-url-undefined/prisma.config.ts:5
    url: process.env['UNDEFINED_VARIABLE'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82960349f29c9c5f Filesystem access.
repo/packages/config/src/__tests__/fixtures/loadConfigFromFile/env-load-esm/prisma.config.ts:7
const env = await fs.readFile('.env', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac92348781e00d13 Environment-variable access.
repo/packages/config/src/__tests__/fixtures/loadConfigFromFile/env-load-esm/prisma.config.ts:21
  process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f97cbc6df02a0ca Environment-variable access.
repo/packages/config/src/__tests__/loadConfigFromFile.test.ts:742
      expect(process.env.TEST_CONNECTION_STRING).toBeUndefined()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b235e55e81613c76 Environment-variable access.
repo/packages/config/src/__tests__/loadConfigFromFile.test.ts:753
      expect(process.env.TEST_CONNECTION_STRING).toEqual('postgres://test-connection-string-from-env-cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4f51c1a758d534a Environment-variable access.
repo/packages/config/src/__tests__/loadConfigFromFile.test.ts:765
      expect(process.env.TEST_CONNECTION_STRING).toEqual('postgres://test-connection-string-from-env-esm')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfacfed4bfa3eb9d Environment-variable access.
repo/packages/config/src/env.ts:15
  const value = process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c982c1273b0639f Environment-variable access.
repo/packages/config/vitest.setup.ts:13
  process.env['JITI_ALIAS'] = JSON.stringify({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa24238603beb2ce Environment-variable access.
repo/packages/config/vitest.setup.ts:19
  delete process.env['JITI_ALIAS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/credentials-store

npm first-party
4 low-confidence finding(s)
low env_fs production #86a534ca096c292e Filesystem access.
repo/packages/credentials-store/src/index.ts:1
import { chmod, mkdir, readFile, writeFile } from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c055a2620f02709f Environment-variable access.
repo/packages/credentials-store/src/index.ts:31
      process.env.PRISMA_PLATFORM_AUTH_FILE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31e2948a38bb88f9 Filesystem access.
repo/packages/credentials-store/src/index.ts:38
      const content = await readFile(this.authFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #436195ed715df5cc Filesystem access.
repo/packages/credentials-store/src/index.ts:82
    await writeFile(this.authFilePath, JSON.stringify(data, null, 2), { mode: 0o600 })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/debug

npm first-party
35 low-confidence finding(s)
low env_fs test-only #b4d5c3465e871239 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:13
  delete process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08bfd365b79845d4 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:14
  delete process.env.DEBUG_COLORS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #25289615d2041575 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:29
  process.env.DEBUG = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca48a99b30dbe6bf Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:30
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72b6e7723acce478 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:43
  process.env.DEBUG = 'test2'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70f1a1f4afa43486 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:44
  process.env.FORCE_COLOR = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd9c8756c2cf0875 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:45
  process.env.DEBUG_COLORS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9531dc06ad583feb Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:59
  process.env.DEBUG = 'test3:*:*:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8957a35ebbf40d94 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:60
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61cb40c07a9077d8 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:73
  process.env.DEBUG = 'test4:*:query-engine:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2546a67fe36ca9b Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:74
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d8da14df8bd4487 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:89
  process.env.DEBUG = 'test5:*:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0dc6c0dcbefb696 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:90
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f35cac8f93a1ca2f Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:106
  process.env.DEBUG = 'test6:client:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68ba810ae269b532 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:107
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #184cb9f0b2d87139 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:122
  process.env.DEBUG = 'test7:*:*,-test7:*:*:init'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a60769a83a21fc65 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:123
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #857d4600a1c86f64 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:138
  process.env.DEBUG = 'test8:*:*,-test8:*:*:init,-test8:pool:*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a3dbe3daa53ba88 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:139
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4039980818976335 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:153
  process.env.DEBUG = 'test9:client'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3c270b1aea3a7f8e Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:154
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e888a1b3b6730046 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:169
  process.env.DEBUG = 'test10:client'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c8b95c7c2cec8b6 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:170
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #282bbc0f46387ce8 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:195
  process.env.DEBUG = 'test11:client'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d43fdefa30733d3 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:196
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80e5daf4a8e3c804 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:210
  process.env.DEBUG = 'test12:client*'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82fd0cc24c3f0faa Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:211
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31b293a3ba86b8b7 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:228
  process.env.DEBUG = 'test13:client*init'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b55e2967c169df3 Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:229
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81024bcd0511a99a Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:249
  process.env.DEBUG = 'test14:*:query-engine:*,-*init,*:result'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6b0656349a37f0e Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:250
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9cbe4d782ed4094d Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:271
  process.env.DEBUG = 'test15:\\w+'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e07e7b45bd5b121e Environment-variable access.
repo/packages/debug/src/__tests__/debug.extended.test.ts:272
  process.env.DEBUG_COLORS = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59fe5c144026f53f Environment-variable access.
repo/packages/debug/src/__tests__/env-disabled.test.ts:9
    process.env.DEBUG = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e28e11c3e6c9118a Environment-variable access.
repo/packages/debug/src/__tests__/env-enabled.test.ts:9
    process.env.DEBUG = 'my-namespace'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/engines

npm first-party
8 low-confidence finding(s)
low env_fs production #c11b0855c2f6e976 Environment-variable access.
repo/packages/engines/src/index.ts:26
  const binaryTargets = process.env.PRISMA_CLI_BINARY_TARGETS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4d2b6bb209b544d Environment-variable access.
repo/packages/engines/src/index.ts:27
    ? (process.env.PRISMA_CLI_BINARY_TARGETS.split(',') as BinaryTarget[])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64f16348cd21bde2 Filesystem access.
repo/packages/engines/src/scripts/localinstall.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6faaf5eb810b855 Filesystem access.
repo/packages/engines/src/scripts/postinstall.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5b633b5e132c447 Filesystem access.
repo/packages/engines/src/scripts/postinstall.ts:16
  if (fs.existsSync(lockFile) && parseInt(fs.readFileSync(lockFile, 'utf-8'), 10) > Date.now() - 20_000) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e748f6400476c15 Environment-variable access.
repo/packages/engines/src/scripts/postinstall.ts:21
    if (process.env.PRISMA_CLI_BINARY_TARGETS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d98678ebf0c5ceca Environment-variable access.
repo/packages/engines/src/scripts/postinstall.ts:22
      binaryTargets = process.env.PRISMA_CLI_BINARY_TARGETS.split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73b02940e1d0e8a3 Filesystem access.
repo/packages/engines/src/scripts/postinstall.ts:43
  fs.writeFileSync(lockFile, Date.now().toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/fetch-engine

npm first-party
28 low-confidence finding(s)
low env_fs test-only #a379d4a4e9644555 Environment-variable access.
repo/packages/fetch-engine/src/__tests__/download.test.ts:25
const usesCustomEngines = process.env.PRISMA_SCHEMA_ENGINE_BINARY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b88645ca9abc32b Environment-variable access.
repo/packages/fetch-engine/src/download.ts:119
  if (process.env.BINARY_DOWNLOAD_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37a769b3e5617ccb Environment-variable access.
repo/packages/fetch-engine/src/download.ts:120
    debug(`process.env.BINARY_DOWNLOAD_VERSION is set to "${process.env.BINARY_DOWNLOAD_VERSION}"`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e88e37821a9cd21 Environment-variable access.
repo/packages/fetch-engine/src/download.ts:121
    opts.version = process.env.BINARY_DOWNLOAD_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d8d6be96078ad55 Filesystem access.
repo/packages/fetch-engine/src/download.ts:274
      const sha256File = await fs.promises.readFile(sha256FilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25ae4516a1dea05 Environment-variable access.
repo/packages/fetch-engine/src/download.ts:295
    } else if (process.env.PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2429757794fdc049 Filesystem access.
repo/packages/fetch-engine/src/download.ts:441
      await fs.promises.writeFile(cachedSha256Path, sha256)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8acc6db6d327fc41 Filesystem access.
repo/packages/fetch-engine/src/download.ts:444
      await fs.promises.writeFile(cachedSha256ZippedPath, zippedSha256)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccfd7984d5b2c6f9 Filesystem access.
repo/packages/fetch-engine/src/download.ts:460
    const data = await fs.promises.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4446d4e5bed3bb58 Filesystem access.
repo/packages/fetch-engine/src/download.ts:461
    await fs.promises.writeFile(target, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38050683525355e4 Environment-variable access.
repo/packages/fetch-engine/src/downloadZip.ts:32
      if (!process.env.PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83a8d569b845ba71 Environment-variable access.
repo/packages/fetch-engine/src/downloadZip.ts:49
    if (process.env.PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ddca301dfd3141a Environment-variable access.
repo/packages/fetch-engine/src/env.ts:27
  if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd9981929d29591 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:28
    const envVarPath = path.resolve(process.cwd(), process.env[envVar]!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e88f3df89addb106 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:31
        `Env var ${bold(envVar)} is provided but provided path ${underline(process.env[envVar]!)} can't be resolved.`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fad64685a3f4c96 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:36
        process.env[envVar]!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77c5d109cee3bbe1 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:52
  if (deprecatedEnvVar && process.env[deprecatedEnvVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5da0ea7851b7e66 Environment-variable access.
repo/packages/fetch-engine/src/env.ts:53
    if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaf384a5e5cd29b1 Environment-variable access.
repo/packages/fetch-engine/src/getProxyAgent.ts:54
  const noProxy = process.env.NO_PROXY || process.env.no_proxy || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4787449b86b79873 Environment-variable access.
repo/packages/fetch-engine/src/getProxyAgent.ts:70
    const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fca78e0b795b818 Environment-variable access.
repo/packages/fetch-engine/src/getProxyAgent.ts:77
      process.env.HTTPS_PROXY || process.env.https_proxy || process.env.HTTP_PROXY || process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a20d4e207f9471c1 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:18
    if (process.env.APPDATA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14a0ea880b477081 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:19
      return path.join(process.env.APPDATA, 'Prisma')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e1d503390b6d2c5 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:23
  if (process.env.AWS_LAMBDA_FUNCTION_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4be078eff01fefe0 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:31
  return process.env.XDG_CACHE_HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f8b5858b5476076 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:32
    ? path.join(process.env.XDG_CACHE_HOME, 'prisma')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1174a2c7cf4fb7f Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:68
    process.env.PRISMA_BINARIES_MIRROR || // TODO: remove this

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62c638b05ec6f31 Environment-variable access.
repo/packages/fetch-engine/src/utils.ts:69
    process.env.PRISMA_ENGINES_MIRROR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/get-dmmf

npm first-party
2 low-confidence finding(s)
low env_fs production #372c37bc650f3e93 Environment-variable access.
repo/packages/get-dmmf/src/index.ts:32
    noColor: Boolean(process.env.NO_COLOR),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4031f3e1a6e5c5ac Environment-variable access.
repo/packages/get-dmmf/src/index.ts:37
    if (process.env.FORCE_PANIC_GET_DMMF) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/get-platform

npm first-party
7 low-confidence finding(s)
low env_fs production #f339fb661f2b937b Filesystem access.
repo/packages/get-platform/src/getPlatform.ts:3
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26fbceab6f06b100 Filesystem access.
repo/packages/get-platform/src/getPlatform.ts:232
    const osReleaseInput = await fs.readFile(osReleaseFile, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ad5821150c8d64e Environment-variable access.
repo/packages/get-platform/src/logger.ts:7
  warn: () => !process.env.PRISMA_DISABLE_WARNINGS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67040bcc14773f21 Environment-variable access.
repo/packages/get-platform/src/test-utils/jestSnapshotSerializer.js:37
  if (process.env.TEMP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #427ed22ea8d215ee Environment-variable access.
repo/packages/get-platform/src/test-utils/jestSnapshotSerializer.js:38
    const escapedPath = process.env.TEMP.replaceAll('\\', '\\\\')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be4bbde53bb773a Environment-variable access.
repo/packages/get-platform/src/test-utils/vitest-snapshot-serializer.ts:38
  if (process.env.TEMP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28d2462109a00692 Environment-variable access.
repo/packages/get-platform/src/test-utils/vitest-snapshot-serializer.ts:39
    const escapedPath = process.env.TEMP.replaceAll('\\', '\\\\')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/instrumentation

npm first-party
1 low-confidence finding(s)
low env_fs production #e404ff01a7a05d8e Environment-variable access.
repo/packages/instrumentation/src/ActiveTracingHelper.ts:21
const showAllTraces = process.env.PRISMA_SHOW_ALL_TRACES === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/integration-tests

npm first-party
4 low-confidence finding(s)
low env_fs test-only #169d2ae53c71b195 Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/mariadb/__database.ts:35
  const connectionString = process.env.TEST_MARIADB_URI!.replace('tests', ctx.id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96b46124302c10fc Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/mssql/__database.ts:34
  const serviceConnectionString = process.env.TEST_MSSQL_URI!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bd518b4277036ce Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/mysql/__database.ts:34
  const connectionString = process.env.TEST_MYSQL_URI!.replace('tests', ctx.id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f52b1d352c152ccd Environment-variable access.
repo/packages/integration-tests/src/__tests__/integration/postgresql/__database.ts:28
  return process.env.TEST_POSTGRES_URI + `?schema=${ctx.id}&connection_limit=1`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/internals

npm first-party
98 low-confidence finding(s)
low env_fs production #0dbfae4c03857f60 Filesystem access.
repo/packages/internals/helpers/build.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec808db35bdcb51 Filesystem access.
repo/packages/internals/src/WasmSchemaEngineLoader.ts:10
  const schemaEngineWasmFileBytes = await fs.readFile(schemaEngineWasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #719af8a52423f1bc Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/formatSchema.test.ts:12
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ed977489dc0ce09 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getConfig.test.ts:64
    process.env.TEST_POSTGRES_URI_FOR_DATASOURCE = 'postgres://user:password@something:5432/db'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4eb46c0ea62559f0 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:13
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc792cc0d053b4db Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:19
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042f720e1a3f8ddf Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:21
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2186fab2f6d03be5 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:26
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd6aefb4560f0f2e Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:41
      delete process.env.NO_COLOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48aed74b8210bb93 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:42
      process.env.FORCE_COLOR = '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83a70433b6144a55 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:43
      process.env.CI = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ee57d6fc103de55 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:83
      process.env.NO_COLOR = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d2b3ba3b7fbb76c Filesystem access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:528
      const file = await fs.promises.readFile(path.join(fixturesPath, 'chinook.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a919cc798c8f9ae Filesystem access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:537
      const file = await fs.promises.readFile(path.join(fixturesPath, 'odoo.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30f81c2b71a19e1c Filesystem access.
repo/packages/internals/src/__tests__/engine-commands/getDmmf.test.ts:546
      const file = await fs.promises.readFile(path.join(fixturesPath, 'bigschema.prisma'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5648c83c8dbe59f Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/getEngineVersion.test.ts:9
  testIf(!process.env.PRISMA_SCHEMA_ENGINE_BINARY)('Schema Engine', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f764c0d8ad375eca Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:15
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87e144eb2d9d1fc9 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:21
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d9e44c280459338 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:23
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36c1823427a9f662 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:29
  testTimeout: process.env.CI ? 60_000 : 10_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d48098da48e8cf75 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:42
      delete process.env.NO_COLOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #44769b3ae669432a Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:43
      process.env.FORCE_COLOR = '0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac0565af4306868d Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:44
      process.env.CI = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66bf15affeba5e74 Environment-variable access.
repo/packages/internals/src/__tests__/engine-commands/validate.test.ts:85
      process.env.NO_COLOR = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49b4333f736bdc52 Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:16
  testTimeout: process.env.CI ? 60_000 : 20_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63669526174d6e5b Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:52
    delete process.env.BINARY_TARGETS_ENV_VAR_TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dd6f7cda7266f3da Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:212
    process.env.BINARY_TARGETS_ENV_VAR_TEST = '"native"'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a251fe20b2aa7a3a Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:295
    process.env.BINARY_TARGETS_ENV_VAR_TEST = '["native"]'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0bcaabead0c9c23 Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:378
    process.env.BINARY_TARGETS_ENV_VAR_TEST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5af9a0c825a98b8 Environment-variable access.
repo/packages/internals/src/__tests__/getGenerators/getGenerators.test.ts:477
    process.env.BINARY_TARGETS_ENV_VAR_TEST = '["linux-musl"]'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acfd8e525764433c Environment-variable access.
repo/packages/internals/src/__tests__/getPackedPackage.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34394e7ece9910ba Environment-variable access.
repo/packages/internals/src/__tests__/getSchema.test.ts:9
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94100a92ed041102 Environment-variable access.
repo/packages/internals/src/__tests__/getSchema.test.ts:15
process.env.npm_config_user_agent = 'yarn/1.22.4 npm/? node/v12.18.3 darwin x64'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #997c442468163e4a Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:51
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98c53a841ceac3d5 Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:57
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9196f38b766863ee Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:59
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c147d5a48073dd9 Environment-variable access.
repo/packages/internals/src/__tests__/handlePanic.test.ts:76
    process.env.GITHUB_ACTIONS = 'true' // simulate CI environment

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02399e6a75a8652c Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:8
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01749c88c0e16486 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:69
  testIf(!process.env.PRISMA_SCHEMA_ENGINE_BINARY)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80df6cf83d3fa497 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:85
    const uri = process.env.TEST_POSTGRES_URI!.replace('tests', 'tests-createDatabase')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #672c2db5268c953a Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:105
    const uri = process.env.TEST_POSTGRES_URI!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0888603210aede42 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:113
    const uri = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-createDatabase')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29d3b75715ae2015 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:124
    const uri = process.env.TEST_MYSQL_URI!.replace('tests', 'tests-createDatabase-already-exists')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1676291d58ad71d1 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:136
  testIf(!process.env.TEST_SKIP_MSSQL)('sqlserver - create database', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f995598c78eadc44 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:137
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6594f8232de134c2 Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:140
    const connectionString = process.env.TEST_MSSQL_JDBC_URI.replace(/database=(.*?);/, 'database=can-create-a-db;')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f311e277629858ee Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:147
  testIf(!process.env.TEST_SKIP_MSSQL)('sqlserver - database already exists', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ff750373d92101e Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:148
    if (!process.env.TEST_MSSQL_JDBC_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9b71fcdcd03944e Environment-variable access.
repo/packages/internals/src/__tests__/schemaEngineCommands.test.ts:151
    const connectionString = process.env.TEST_MSSQL_JDBC_URI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #545374629a9af884 Filesystem access.
repo/packages/internals/src/cli/getSchema.ts:10
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56d884455dcb8f90 Environment-variable access.
repo/packages/internals/src/engine-commands/formatSchema.ts:17
  if (process.env.FORCE_PANIC_PRISMA_SCHEMA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f8756cd07f7cf4 Environment-variable access.
repo/packages/internals/src/engine-commands/getConfig.ts:78
        if (process.env.FORCE_PANIC_GET_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eefc857cf55244f7 Environment-variable access.
repo/packages/internals/src/engine-commands/getConfig.ts:172
    if (binaryTarget.fromEnvVar && process.env[binaryTarget.fromEnvVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #177de0c3da4c8b27 Environment-variable access.
repo/packages/internals/src/engine-commands/getConfig.ts:173
      const value = JSON.parse(process.env[binaryTarget.fromEnvVar]!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5eedc8933816616 Filesystem access.
repo/packages/internals/src/engine-commands/queryEngineCommons.ts:4
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de8ecfe8d29d745d Environment-variable access.
repo/packages/internals/src/engine-commands/validate.ts:58
        if (process.env.FORCE_PANIC_GET_DMMF) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8d5e795e8c52464 Environment-variable access.
repo/packages/internals/src/engine-commands/validate.ts:65
          noColor: Boolean(process.env.NO_COLOR),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7f8c62a9c1d30923 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/internals/src/errorReporting.ts:69
  return await fetch(url, {
    method: 'POST',
    agent: getProxyAgent(url),
    body,
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #56e88e6f5a8ebde9 Environment-variable access.
repo/packages/internals/src/get-generators/utils/getBinaryPathsByVersion.ts:46
    if (process.env.NETLIFY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52076eef061461b7 Filesystem access.
repo/packages/internals/src/getPackedPackage.ts:2
import fs, { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18496b908d88b0d1 Filesystem access.
repo/packages/internals/src/getPackedPackage.ts:16
      const pkgJson = JSON.parse(readFileSync(pkgPath, { encoding: 'utf-8' }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c69e46c10e36538e Environment-variable access.
repo/packages/internals/src/logger.ts:10
  warn: () => !process.env.PRISMA_DISABLE_WARNINGS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #585a92b8e8bfb7a4 Filesystem access.
repo/packages/internals/src/resolveBinary.ts:5
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3eab461d0ad1697 Filesystem access.
repo/packages/internals/src/resolveBinary.ts:88
    const data = await fs.promises.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46c31d78b4425711 Filesystem access.
repo/packages/internals/src/resolveBinary.ts:89
    await fs.promises.writeFile(target, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #533c69656a8b3e03 Filesystem access.
repo/packages/internals/src/resolveOutput.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6158f9e8f6fabfd6 Environment-variable access.
repo/packages/internals/src/schemaEngineCommands.ts:188
          RUST_BACKTRACE: process.env.RUST_BACKTRACE ?? '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea686c20bdbe6e50 Environment-variable access.
repo/packages/internals/src/schemaEngineCommands.ts:189
          RUST_LOG: process.env.RUST_LOG ?? 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f0e280532855833 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:11
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a01ddd211f95e2d Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:17
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24901025eb66cb6c Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:19
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3b04417b9673f1 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:36
      delete process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa54fa5d6bdda79d Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:37
      delete process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #effd1cc585b83146 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:48
      delete process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b08f7af5978f4be9 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:49
      delete process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a340d3b2d5770fc0 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:54
      process.env.CI = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48a6a6e87ac991c7 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isCi.test.ts:59
      process.env.GITHUB_ACTIONS = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ae36bacadd23a1c Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:10
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6dd2e47e24ed351 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:16
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b6e20c306cade2f Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:18
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #095e5c0712f5bdd2 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:38
      process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #467eedacd37c33f2 Environment-variable access.
repo/packages/internals/src/utils/__tests__/isInteractive.test.ts:50
      process.env.TERM = 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52172cb78c553757 Filesystem access.
repo/packages/internals/src/utils/chmodPlusX.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee054aaf4b3f1811 Filesystem access.
repo/packages/internals/src/utils/fs-functional.ts:4
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10fd620677d7c327 Filesystem access.
repo/packages/internals/src/utils/fs-functional.ts:12
  TE.tryCatch(() => fsUtils.writeFile(params), createTaggedSystemError('fs-write-file', params))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d48a254b9bc8b8a Filesystem access.
repo/packages/internals/src/utils/fs-utils.ts:1
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5130ca7fde03f92a Filesystem access.
repo/packages/internals/src/utils/fs-utils.ts:21
  return fs.writeFile(path, content, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51a28e92590dfdac Filesystem access.
repo/packages/internals/src/utils/isCurrentBinInstalledGlobally.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20988ac8bf55d0c5 Environment-variable access.
repo/packages/internals/src/utils/isInContainer.ts:13
      process.env.KUBERNETES_SERVICE_HOST !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f0be89a690d6a1c Environment-variable access.
repo/packages/internals/src/utils/isInNpmLifecycleHook.ts:5
  return process.env.npm_lifecycle_event !== undefined && process.env.npm_command !== 'run-script'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72177f63a3cbc07e Environment-variable access.
repo/packages/internals/src/utils/isInteractive.ts:9
  return Boolean(stream && stream.isTTY && process.env.TERM !== 'dumb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1b06e20b0096ae1 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:11
    process.env.GIT_EXEC_PATH !== undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #260f808bc52589e9 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:12
    process.env.GIT_DIR !== undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd28a2e5791dcbb2 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:13
    process.env.GIT_INDEX_FILE !== undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdd997e259d2c665 Environment-variable access.
repo/packages/internals/src/utils/maybeInGitHook.ts:14
    process.env.GIT_PREFIX !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30892c07fca80c4e Environment-variable access.
repo/packages/internals/src/utils/parseAWSNodejsRuntimeEnvVarVersion.ts:2
  const runtimeEnvVar = process.env.AWS_LAMBDA_JS_RUNTIME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5c4ab4a2ffc3f0c Environment-variable access.
repo/packages/internals/src/utils/parseEnvValue.ts:13
    const value = process.env[object.fromEnvVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b66dca4e8f413d71 Environment-variable access.
repo/packages/internals/src/utils/parseEnvValue.ts:39
    const value = process.env[object.fromEnvVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/migrate

npm first-party
161 low-confidence finding(s)
low env_fs production #148084bc09a223c0 Environment-variable access.
repo/packages/migrate/src/SchemaEngineCLI.ts:514
    if (process.env.FORCE_PANIC_SCHEMA_ENGINE && request.method !== 'getDatabaseVersion') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5be8ca8f0c68a309 Environment-variable access.
repo/packages/migrate/src/SchemaEngineWasm.ts:86
    if (process.env.FORCE_PANIC_SCHEMA_ENGINE && command !== 'debugPanic') return this.debugPanic()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4e7d905e48c60ff Environment-variable access.
repo/packages/migrate/src/__tests__/Baseline.test.ts:20
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eefe986ec6bcbb28 Filesystem access.
repo/packages/migrate/src/__tests__/DbDrop.test.ts:124
    await fs.writeFile(path.join(ctx.configDir(), 'dev.db'), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1857c6f5876ce28 Environment-variable access.
repo/packages/migrate/src/__tests__/DbDrop.test.ts:159
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93e3d253aa6de53e Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:37
      fs.writeFileSync('script.sql', '-- noop')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dc239531c886494 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:85
      fs.writeFileSync('script.js', 'Something for MongoDB')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #437d9b813ce580b8 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:123
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8b9a000e77b0172 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:131
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73994c492c54671a Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:139
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8e0f92bbe2e54ec Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:156
        fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #630e90e88b1ec425 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:165
        fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8a9f0ba53558024 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:174
        fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9747d9e361492e30 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:185
        fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb194105b34832a7 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:203
        fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f65a5757e28ee28 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:216
      fs.writeFileSync('script.sql', 'DROP TABLE "test-doesnotexists";')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a75f6e8bfc33fe06 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:228
      fs.writeFileSync('script.sql', 'ThisisnotSQL,itshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07f3f3297450243a Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:239
    const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-db-execute')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62ce68ece69ea42b Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:274
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d24d725a5a46f5e5 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:282
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fe24d5c3eeb6ea0 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:290
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0a309f237d73417 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:307
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebd32c16e433286d Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:320
      fs.writeFileSync(
        'script.sql',
        `-- Drop & Create & Drop
      DROP DATABASE IF EXISTS "test-dbexecute";
      CREATE DATABASE "test-dbexecute";
      DROP DATABASE "test-dbexecute";`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ce0772bec4fdef4 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:339
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75d045db1f5aa8be Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:358
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1cf027eddd4682cf Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:378
      if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc2a11eb64743f2a Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:382
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc179fc9a54774b9 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:403
      fs.writeFileSync('script.sql', 'DROP DATABASE "test-doesnotexists";')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df03ab85c05f71ec Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:420
      fs.writeFileSync('script.sql', 'ThisisnotSQLitshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a79b8d42b2193d1 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:431
    if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e7a7be88258ac15 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:436
    const connectionString = (process.env.TEST_COCKROACH_URI_MIGRATE || '').replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #904a90ce4eda3df9 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:474
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a523f37c4698196 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:482
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d4b0fb28a48e844 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:490
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59970d2d30b4e100 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:507
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7b3798533538e12 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:518
      fs.writeFileSync(
        'script.sql',
        `-- Drop & Create & Drop
      DROP DATABASE IF EXISTS "test-dbexecute";
      CREATE DATABASE "test-dbexecute";
      DROP DATABASE "test-dbexecute";`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffc7b2d9c8080a9d Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:536
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23b2f924ebeb32a6 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:555
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6901296655b150c6 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:574
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9de6636acea0223c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:594
      fs.writeFileSync('script.sql', 'ThisisnotSQLitshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #525d60bf18701819 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:608
    const connectionString = process.env.TEST_MYSQL_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-db-execute')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d8a5338f92c461c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:643
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00e398b6f6974dc8 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:651
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f05227b6b47d74da Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:660
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0e6004be20e4609 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:672
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
START TRANSACTION;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e73a88c5f11cb7c8 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:690
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1461197e60f5f0a2 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:708
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f8c866fb6631208 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:727
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dfbffabf038474f Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:747
      fs.writeFileSync('script.sql', 'DROP DATABASE `test-doesnotexists`;')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18329dcba1c51900 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:759
      fs.writeFileSync('script.sql', 'This is not SQL, it should fail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84185d97218ffd8e Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:770
    if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #521f89ce77854909 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:774
    const jdbcConnectionString = process.env.TEST_MSSQL_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66f8b07eb1eb0e78 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:781
      connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60a730ae03c10b05 Environment-variable access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:796
      const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb37dd6224d1a59e Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:817
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #27cce0023965618c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:825
      fs.writeFileSync('script.sql', sqlScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e909dcbd15a42880 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:833
      fs.writeFileSync('script.sql', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #516f418c9e348e40 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:841
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN TRANSACTION;

SELECT 1

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3b5a3ed1ca1e04c Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:860
      fs.writeFileSync(
        'script.sql',
        `-- start a transaction
BEGIN TRANSACTION;

${sqlScript}

-- commit changes
COMMIT;`,
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a4ba21b6dc945a4 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:882
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a0c37d6e5d90348 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:903
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #969afad264fb26ab Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:922
      fs.writeFileSync('script.sql', '-- empty')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a50d6dafe6a48388 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:944
      fs.writeFileSync('script.sql', 'DROP DATABASE "test-doesnotexists";')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0231daaf72febb7 Filesystem access.
repo/packages/migrate/src/__tests__/DbExecute.test.ts:956
      fs.writeFileSync('script.sql', 'ThisisnotSQLitshouldfail')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c36d4ac14689167e Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/cockroachdb.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #793d0ecbd2b4999d Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/cockroachdb.test.ts:16
  if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ced6244b7cffe9c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/cockroachdb.test.ts:19
  const connectionString = process.env.TEST_COCKROACH_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f259cd35f5fe48a Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mongodb.test.ts:5
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #550d7bdf009995bb Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mysql.test.ts:9
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c69002bb7aeca47f Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mysql.test.ts:17
  const connectionString = process.env.TEST_MYSQL_URI!.replace('tests-migrate', 'tests-migrate-db-pull-mysql')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a4a694da716ac1f Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/mysql.test.ts:20
    connectionString: process.env.TEST_MYSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24b2f22e944fe61d Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-extensions.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c25a953ae7dbb1da Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-extensions.test.ts:16
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97f8c26a7bad3487 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-missing-database.test.ts:5
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #062eaa9c90aa0de1 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-missing-database.test.ts:13
  const defaultConnectionString = process.env.TEST_POSTGRES_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #326197fef8583c2b Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-multischema.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7551760df5b1a9a Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-multischema.test.ts:16
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a36ea30c23e339d5 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-views.test.ts:10
if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5978afa4640834bd Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql-views.test.ts:19
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0928377c7d6163e4 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql.test.ts:8
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0bfa3159645e21c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/postgresql.test.ts:16
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7308b26593646943 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/schema-folder.test.ts:4
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40dce132d9b2b981 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlite.test.ts:5
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e5f76a7edf622f5 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:9
const isMacOrWindowsCI = Boolean(process.env.CI) && ['darwin', 'win32'].includes(process.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1985e3f59e37dd99 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:33
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3a720714253023d Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:36
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7596156f8825f4aa Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:42
    connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f74dac0cec9fc611 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:58
    const url = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!.replace('tests-migrate', databaseName)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cff9c0f09b36d1a6 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:59
    const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59fa21ac1988dfc6 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:97
  if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b68813a2697b44fc Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:104
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18e8eaf11b57c446 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:107
  if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #683615f3473f3d8f Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:114
    connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8db86460226e7535 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPull/sqlserver.test.ts:131
    const url = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!.replace('tests-migrate', databaseName)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa05938860f93606 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:14
  const inDockerIt = process.env.TEST_NO_DOCKER ? it.skip : it

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ad8791ccd9b0339 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:107
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #521bdcecd32141ed Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:227
    process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db3503980dff4d2c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:273
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-db-push')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30277d746d82d262 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:338
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1606dc2f70cea1c Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:388
  if (!process.env.TEST_SKIP_MONGODB && !process.env.TEST_MONGO_URI_MIGRATE_EXISTING_DB) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2664b76cc12d529 Environment-variable access.
repo/packages/migrate/src/__tests__/DbPush.test.ts:392
    connectionString: process.env.TEST_MONGO_URI_MIGRATE_EXISTING_DB!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0abe60edf195f2d0 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDeploy.test.ts:179
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-deploy')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb219e5b7e3dded2 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:32
  process.env.GITHUB_ACTIONS = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7ca8d3f4ddf7b36 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:834
  const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #798224e83c449455 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1181
  testIf(!process.env.CI || process.platform !== 'darwin')('external tables', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7be63767894b95a Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1246
  if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4366a7e56ebf4f1 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1249
  const connectionString = process.env.TEST_COCKROACH_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5fa8220838e70461 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1414
  const connectionString = process.env.TEST_MYSQL_URI_MIGRATE!.replace('tests-migrate', 'tests-migrate-dev')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06307559142cb1a0 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1601
  if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #013b1029f6a18b91 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1610
    connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #11e8c4327501d252 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1625
    const url = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!.replace('tests-migrate', databaseName)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5923a059ba43aa5 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDev.test.ts:1626
    const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07f4c7e2ec0519b9 Filesystem access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:490
        await fs.writeFile(path.join(ctx.configDir(), 'dev.db'), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77b3e0b44524e25f Filesystem access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:508
        await fs.writeFile(path.join(ctx.configDir(), 'dev.db'), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5175a88ec7d91b64 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:693
    if (!process.env.TEST_SKIP_COCKROACHDB && !process.env.TEST_COCKROACH_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f740de83713fcb7 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:696
    const connectionString = process.env.TEST_COCKROACH_URI_MIGRATE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b57ee89fc3e5a03 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:745
    const connectionString = process.env.TEST_POSTGRES_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16deb20f1125f68d Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:804
    const connectionString = process.env.TEST_MYSQL_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d70c86466ff13fe6 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:854
    if (!process.env.TEST_SKIP_MSSQL && !process.env.TEST_MSSQL_JDBC_URI_MIGRATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c27e781279f9866 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:858
    const jdbcConnectionString = process.env.TEST_MSSQL_JDBC_URI_MIGRATE!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61d5a59041447ed3 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:861
      connectionString: process.env.TEST_MSSQL_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb174ab9cc73d301 Environment-variable access.
repo/packages/migrate/src/__tests__/MigrateDiff.test.ts:876
      const shadowDatabaseUrl = process.env.TEST_MSSQL_SHADOWDB_JDBC_URI_MIGRATE?.replace(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f49d4f738f12a89e Environment-variable access.
repo/packages/migrate/src/__tests__/__helpers__/conditionalTests.ts:90
  if (matrix.providers.cockroachdb && process.env.TEST_SKIP_COCKROACHDB) return skip(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdb93b3fc6104d3e Environment-variable access.
repo/packages/migrate/src/__tests__/__helpers__/conditionalTests.ts:91
  if (matrix.providers.sqlserver && process.env.TEST_SKIP_MSSQL) return skip(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ea65590a10f4c7e Environment-variable access.
repo/packages/migrate/src/__tests__/__helpers__/conditionalTests.ts:92
  if (matrix.providers.mongodb && process.env.TEST_SKIP_MONGODB) return skip(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c492e2333bbacdc Environment-variable access.
repo/packages/migrate/src/__tests__/handlePanic.introspect.test.ts:11
    process.env.FORCE_PANIC_SCHEMA_ENGINE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a2c832d4836a98c Environment-variable access.
repo/packages/migrate/src/__tests__/handlePanic.migrate.test.ts:17
    process.env.FORCE_PANIC_SCHEMA_ENGINE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #811e682d51854c0a Filesystem access.
repo/packages/migrate/src/__tests__/introspection/introspection.test.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a55492d700ffe320 Filesystem access.
repo/packages/migrate/src/__tests__/introspection/introspection.test.ts:14
  const schemaContent = await fs.promises.readFile(schemaPath, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ef5e60717cc5730 Environment-variable access.
repo/packages/migrate/src/__tests__/rpc.test.ts:502
        url: process.env.TEST_POSTGRES_URI!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f308bca37d76e907 Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:7
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a9ff670f2b8db36 Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:13
      delete process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67156806cc216400 Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:15
      process.env[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73d3fc586199e94a Environment-variable access.
repo/packages/migrate/src/__tests__/setup.ts:24
  process.env.CI = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7829dbaec313490c Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:17
    delete process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23e83e132093454d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:46
  process.env[envVar] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1e6aac943738d75 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:51
  process.env.AI_AGENT = 'v0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed06865610bddd76 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:56
  process.env.AGENT = 'some-new-agent'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ce5155f79eadfe3 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:65
  process.env.AI_AGENT = 'some\nagent\u0000name'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1a920619d8b8123 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:70
  process.env.AI_AGENT = 'a'.repeat(200)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c16d6c4c2b7bd889 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:75
  process.env.AI_AGENT = '\u0001\u0002'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e35f4b51d4a4af6d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:80
  process.env.AGENT = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df52ec2c13636b86 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:85
  process.env.REPLIT_SESSION = 'prisma-Abcd'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4a945f77992ad71d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:90
  process.env.OR_APP_NAME = 'SomeOtherApp'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e426ab778227fca3 Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:95
  process.env.CLAUDECODE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2b8b2ff7eab670d Environment-variable access.
repo/packages/migrate/src/__tests__/utils/ai-safety.test.ts:96
  process.env.PRISMA_USER_CONSENT_FOR_DANGEROUS_AI_ACTION = 'yes, reset my dev database'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af541d561129cd75 Filesystem access.
repo/packages/migrate/src/commands/DbExecute.ts:14
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #334a2b5a85ec2193 Filesystem access.
repo/packages/migrate/src/commands/DbExecute.ts:118
        script = fs.readFileSync(path.resolve(args['--file']), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f73e83de5a0e839a Filesystem access.
repo/packages/migrate/src/utils/createMigration.ts:36
  await fs.promises.writeFile(path.join(baseDir, migrationName, `migration.${extension}`), script, {
    encoding: 'utf-8',
  })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba598cdc78971f07 Filesystem access.
repo/packages/migrate/src/utils/createMigration.ts:52
  await fs.promises.writeFile(path.join(baseDir, lockfile.path), lockfileContent, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9aab57a91f2ad33 Filesystem access.
repo/packages/migrate/src/utils/listMigrations.ts:21
  const lockfileContent = await fs
    .readFile(path.join(migrationsDirectoryPath, lockfileName), { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0915544020c7598c Filesystem access.
repo/packages/migrate/src/utils/listMigrations.ts:56
    const migrationFileContent = await fs
      .readFile(path.join(migrationPath, migrationFileName), { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93925bebffeca685 Filesystem access.
repo/packages/migrate/src/utils/saveSchemaFiles.ts:6
  await Promise.all(schemas.files.map((file) => fs.writeFile(file.path, file.content, 'utf8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c7659493f779af0 Filesystem access.
repo/packages/migrate/src/utils/setupCockroach.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #418554c93336f71f Filesystem access.
repo/packages/migrate/src/utils/setupCockroach.ts:28
    await db.query(fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e56bff0430e7512c Filesystem access.
repo/packages/migrate/src/utils/setupMSSQL.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a1f21fb1bc10e4c Filesystem access.
repo/packages/migrate/src/utils/setupMSSQL.ts:46
    schema += fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f03199cd0e055e3 Filesystem access.
repo/packages/migrate/src/utils/setupMysql.ts:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daf00d0f124da8c1 Filesystem access.
repo/packages/migrate/src/utils/setupMysql.ts:42
    await db.query(fs.readFileSync(path.join(dirname, 'setup.sql'), 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be2cc3e7af4bc71 Filesystem access.
repo/packages/migrate/src/utils/setupPostgres.ts:29
    const migrationScript = await fs.readFile(path.join(dirname, 'setup.sql'), { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a204c21a8cd0701e Environment-variable access.
repo/packages/migrate/src/utils/test-SchemaEngineCommands.ts:12
  const result = await canConnectToDatabase(process.env.TEST_CONNECTION_STRING!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/query-plan-executor

npm first-party
1 low-confidence finding(s)
low env_fs production #4aaf672b4f04e253 Environment-variable access.
repo/packages/query-plan-executor/examples/server.ts:12
  const databaseUrl = process.env.TEST_POSTGRES_URI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/schema-files-loader

npm first-party
2 low-confidence finding(s)
low env_fs production #dfd20774d32a3221 Filesystem access.
repo/packages/schema-files-loader/src/resolver/realFsResolver.ts:26
    return fs.readFile(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4802b992dafe481c Filesystem access.
repo/packages/schema-files-loader/src/testUtils.ts:16
  return [filePath, fs.readFileSync(filePath, 'utf8')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/type-benchmark-tests

npm first-party
2 low-confidence finding(s)
low env_fs production #50f5a07827281651 Environment-variable access.
repo/packages/type-benchmark-tests/huge-schema/prisma.config.ts:5
    url: process.env.DATABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07b852059e44072b Environment-variable access.
repo/packages/type-benchmark-tests/lots-of-relations/prisma.config.ts:5
    url: process.env.DATABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

wrangler

npm dependency
high pii_flow dependency Excluded from app score #f555e2e974525780 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/templates/startDevWorker/InspectorProxyWorker.ts:306 · flow /tmp/closeopen-4qv0oeoo/pkgs/npm/[email protected]/templates/startDevWorker/InspectorProxyWorker.ts:293 → /tmp/closeopen-4qv0oeoo/pkgs/npm/[email protected]/templates/startDevWorker/InspectorProxyWorker.ts:306
		const upgrade = await fetch(runtimeWebSocketUrl, {
			headers: {
				...this.proxyData.headers,
				Upgrade: "websocket",
			},
			signal: this.runtimeAbortController.signal,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #a79987a895289991 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/wrangler-dist/InspectorProxyWorker.js:223 · flow /tmp/closeopen-4qv0oeoo/pkgs/npm/[email protected]/wrangler-dist/InspectorProxyWorker.js:215 → /tmp/closeopen-4qv0oeoo/pkgs/npm/[email protected]/wrangler-dist/InspectorProxyWorker.js:223
    const upgrade = await fetch(runtimeWebSocketUrl, {
      headers: {
        ...this.proxyData.headers,
        Upgrade: "websocket"
      },
      signal: this.runtimeAbortController.signal
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

@eslint/eslintrc

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #fac894ce044274e6 Filesystem access.
pkgs/npm/@[email protected]/lib/config-array-factory.js:154
    return fs.readFileSync(filePath, "utf8").replace(/^\ufeff/u, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@microsoft/api-extractor

npm dependency
7 low-confidence finding(s)
low env_fs dependency Excluded from app score #0d9fe98e940599ea Filesystem access.
pkgs/npm/@[email protected]/lib/analyzer/PackageMetadataManager.js:199
        node_core_library_1.FileSystem.writeFile(tsdocMetadataPath, fileContent, {
            convertLineEndings: newlineKind,
            ensureFolderExists: true
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f52e7c44fef7d00 Filesystem access.
pkgs/npm/@[email protected]/lib/api/Extractor.js:233
        node_core_library_1.FileSystem.writeFile(actualApiReportPath, actualApiReportContent, {
            ensureFolderExists: true,
            convertLineEndings: extractorConfig.newlineKind
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #918d47689c5c7b61 Filesystem access.
pkgs/npm/@[email protected]/lib/api/Extractor.js:239
            const expectedApiReportContent = node_core_library_1.FileSystem.readFile(expectedApiReportPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f0ec75dc5325be5 Filesystem access.
pkgs/npm/@[email protected]/lib/api/Extractor.js:252
                    node_core_library_1.FileSystem.writeFile(expectedApiReportPath, actualApiReportContent, {
                        ensureFolderExists: true,
                        convertLineEndings: extractorConfig.newlineKind
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b47ab1c88ee04ac5 Filesystem access.
pkgs/npm/@[email protected]/lib/api/Extractor.js:283
                    node_core_library_1.FileSystem.writeFile(expectedApiReportPath, actualApiReportContent, {
                        convertLineEndings: extractorConfig.newlineKind
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #880fff0251c10e8d Filesystem access.
pkgs/npm/@[email protected]/lib/collector/SourceMapper.js:91
                originalFileInfo.maxColumnForLine = node_core_library_1.FileSystem.readFile(mappedFilePath, {
                    convertLineEndings: node_core_library_1.NewlineKind.Lf
                })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dd53f8eff284d0b Filesystem access.
pkgs/npm/@[email protected]/lib/generators/DtsRollupGenerator.js:90
        node_core_library_1.FileSystem.writeFile(dtsFilename, writer.toString(), {
            convertLineEndings: newlineKind,
            ensureFolderExists: true
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@neondatabase/serverless

npm dependency
6 low-confidence finding(s)
low env_fs dependency Excluded from app score #ee04bc956099fba7 Filesystem access.
pkgs/npm/@[email protected]/index.js:857
(t.ssl.cert=gr.readFileSync(t.sslcert).toString()),t.sslkey&&(t.ssl.key=gr.readFileSync(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30538698c2dedde7 Filesystem access.
pkgs/npm/@[email protected]/index.js:857
(t.ssl.cert=gr.readFileSync(t.sslcert).toString()),t.sslkey&&(t.ssl.key=gr.readFileSync(
t.sslkey).toString()),t.sslrootcert&&(t.ssl.ca=gr.readFileSync(t.sslrootcert).toString()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #802a17988f973af8 Filesystem access.
pkgs/npm/@[email protected]/index.js:858
t.sslkey).toString()),t.sslrootcert&&(t.ssl.ca=gr.readFileSync(t.sslrootcert).toString()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d2350af104bed0a Filesystem access.
pkgs/npm/@[email protected]/index.mjs:857
(t.ssl.cert=mr.readFileSync(t.sslcert).toString()),t.sslkey&&(t.ssl.key=mr.readFileSync(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e04487823cda616a Filesystem access.
pkgs/npm/@[email protected]/index.mjs:857
(t.ssl.cert=mr.readFileSync(t.sslcert).toString()),t.sslkey&&(t.ssl.key=mr.readFileSync(
t.sslkey).toString()),t.sslrootcert&&(t.ssl.ca=mr.readFileSync(t.sslrootcert).toString()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #095e4bb1c804af75 Filesystem access.
pkgs/npm/@[email protected]/index.mjs:858
t.sslkey).toString()),t.sslrootcert&&(t.ssl.ca=mr.readFileSync(t.sslrootcert).toString()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@prisma/prisma-schema-wasm

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #71a459d6c2054e83 Filesystem access.
pkgs/npm/@prisma__prisma-schema-wasm@7.8.0-6.3c6e192761c0362d496ed980de936e2f3cebcd3a/src/prisma_schema_build.js:535
const wasmBytes = require('fs').readFileSync(wasmPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@swc/core

npm dependency
12 low-confidence finding(s)
low env_fs dependency Excluded from app score #6a96a6b2e9adef34 Filesystem access.
pkgs/npm/@[email protected]/binding.js:5
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1c0f20a9ea25357 Filesystem access.
pkgs/npm/@[email protected]/binding.js:28
    return readFileSync('/usr/bin/ldd', 'utf-8').includes('musl')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8802181630c3ee70 Environment-variable access.
pkgs/npm/@[email protected]/binding.js:304
if (!nativeBinding || process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fa005d5cd56b496 Environment-variable access.
pkgs/npm/@[email protected]/binding.js:308
    if (process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c05f55280d7c33d1 Environment-variable access.
pkgs/npm/@[email protected]/binding.js:316
      if (process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e88d42e2333612 Environment-variable access.
pkgs/npm/@[email protected]/index.js:54
const bindingsOverride = process.env["SWC_BINARY_PATH"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ce9d8bcb36a5458 Filesystem access.
pkgs/npm/@[email protected]/postinstall.js:41
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb15d600b4fdfce Filesystem access.
pkgs/npm/@[email protected]/postinstall.js:45
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dee875f3158b757 Environment-variable access.
pkgs/npm/@[email protected]/postinstall.js:69
        const { name } = require(path.resolve(process.env.INIT_CWD, "package.json"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e8758489b29c198 Environment-variable access.
pkgs/npm/@[email protected]/postinstall.js:100
    if (!!process.env["SWC_BINARY_PATH"]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62f572d6ccf68225 Filesystem access.
pkgs/npm/@[email protected]/postinstall.js:122
        fs.writeFileSync(path.join(installDir, "package.json"), "{}");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc21ae61b32aba8 Environment-variable access.
pkgs/npm/@[email protected]/postinstall.js:128
        fs.renameSync(installedBinPath, path.resolve(process.env.INIT_CWD, "node_modules", `@swc/wasm`));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@swc/jest

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6209f789bd034966 Filesystem access.
pkgs/npm/@[email protected]/index.js:55
var fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1815db82f102348 Filesystem access.
pkgs/npm/@[email protected]/index.js:106
        var options = (0, jsonc_parser_1.parse)(fs.readFileSync(swcrc, "utf-8"), errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@types/fs-extra

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c9ca0aceef1f2e3e Filesystem access.
pkgs/npm/@[email protected]/index.d.ts:3
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

better-sqlite3

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #4e5c6b261dfd718a Filesystem access.
pkgs/npm/[email protected]/deps/copy.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a626d936cfb956 Filesystem access.
pkgs/npm/[email protected]/lib/database.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e93ec92b1b14c998 Filesystem access.
pkgs/npm/[email protected]/lib/methods/backup.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
14 low-confidence finding(s)
low env_fs dependency Excluded from app score #aeb123e0af12c5ef Filesystem access.
pkgs/npm/[email protected]/esm/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973bc13ab67e9934 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:1
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3b1b43fce721f9e Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:2
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d7686a5ba9c5cba Filesystem access.
pkgs/npm/[email protected]/esm/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab2cc81407fe2b4c Filesystem access.
pkgs/npm/[email protected]/esm/index.js:2
import { stat as statcb } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d45dfba5e8abf6b8 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:3
import { stat, readdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8769df388e347fec Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:260
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df7f5db300d592ca Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:270
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3da5ff5ae30c117f Filesystem access.
pkgs/npm/[email protected]/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fcdbb1495f1fec9 Filesystem access.
pkgs/npm/[email protected]/handler.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7707606d0869532 Filesystem access.
pkgs/npm/[email protected]/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2bdd7dea6be1a35 Filesystem access.
pkgs/npm/[email protected]/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2936044782fe6d1e Environment-variable access.
pkgs/npm/[email protected]/index.js:265
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b96ee004f663b9a Environment-variable access.
pkgs/npm/[email protected]/index.js:275
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dotenv

npm dependency
18 low-confidence finding(s)
low env_fs dependency Excluded from app score #63e54673ca5d8ff8 Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:4
if (process.env.DOTENV_CONFIG_ENCODING != null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63047b872976edcc Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:5
  options.encoding = process.env.DOTENV_CONFIG_ENCODING

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a980f3c181dd913a Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:8
if (process.env.DOTENV_CONFIG_PATH != null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #628a7b0d449c02f4 Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:9
  options.path = process.env.DOTENV_CONFIG_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb60f7bffd968db Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:12
if (process.env.DOTENV_CONFIG_QUIET != null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fc920ec4456b094 Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:13
  options.quiet = process.env.DOTENV_CONFIG_QUIET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63641975597243a4 Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:16
if (process.env.DOTENV_CONFIG_DEBUG != null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3256427e1892d2a Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:17
  options.debug = process.env.DOTENV_CONFIG_DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb63d7bf82f17bdc Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:20
if (process.env.DOTENV_CONFIG_OVERRIDE != null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e570941ff44f488b Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:21
  options.override = process.env.DOTENV_CONFIG_OVERRIDE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #939e9fb086ed1c8d Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:24
if (process.env.DOTENV_CONFIG_DOTENV_KEY != null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5af8ae05dbd35773 Environment-variable access.
pkgs/npm/[email protected]/lib/env-options.js:25
  options.DOTENV_KEY = process.env.DOTENV_CONFIG_DOTENV_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e27d3827b0dc46a3 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e83dbe6c796a3d0 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:152
  if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc98161f9559702 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:153
    return process.env.DOTENV_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65288bdffd1e571b Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:232
  const debug = parseBoolean(process.env.DOTENV_CONFIG_DEBUG || (options && options.debug))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a05d7490963bbf77 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:233
  const quiet = parseBoolean(process.env.DOTENV_CONFIG_QUIET || (options && options.quiet))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c23220b7c01c1402 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:288
      const parsed = DotenvModule.parse(fs.readFileSync(path, { encoding }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dotenv-cli

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #531fbf7e3c08e16d Environment-variable access.
pkgs/npm/[email protected]/cli.js:96
  let value = process.env[argv.p]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

esbuild

npm dependency
21 low-confidence finding(s)
low env_fs dependency Excluded from app score #0e7124c33f4e3f30 Filesystem access.
pkgs/npm/[email protected]/install.js:26
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4ef5217e6fea531 Environment-variable access.
pkgs/npm/[email protected]/install.js:29
var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aab6cb347ec88992 Filesystem access.
pkgs/npm/[email protected]/install.js:88
var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea532bcd6897acf5 Filesystem access.
pkgs/npm/[email protected]/install.js:184
    fs2.writeFileSync(path2.join(installDir, "package.json"), "{}");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b09ed4bba0491cea Filesystem access.
pkgs/npm/[email protected]/install.js:214
  fs2.writeFileSync(toPath, `#!/usr/bin/env node
require('child_process').execFileSync(${pathString}, process.argv.slice(2), { stdio: 'inherit' });
`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #877d6e6b6917dd4b Filesystem access.
pkgs/npm/[email protected]/install.js:218
  const code = fs2.readFileSync(libMain, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #183aa2dfcc2b57cd Filesystem access.
pkgs/npm/[email protected]/install.js:219
  fs2.writeFileSync(libMain, `var ESBUILD_BINARY_PATH = ${pathString};
${code}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91773bd989c40c85 Filesystem access.
pkgs/npm/[email protected]/install.js:238
    fs2.writeFileSync(binPath, extractFileFromTarGzip(await fetch(url), subpath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #553713b87d759d01 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:737
            fs3.readFile(response.code, (err, contents) => {
              if (err !== null) {
                callback(err, null);
              } else {
                response.code = contents;
                next();
              }
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15b6996993e6dac5 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:748
            fs3.readFile(response.map, (err, contents) => {
              if (err !== null) {
                callback(err, null);
              } else {
                response.map = contents;
                next();
              }
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84cc2acd0331098 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:774
      start = () => fs3.writeFile(input, next);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d7a562de893bb4 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1429
            contents = streamIn.readFileSync(match[1], "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e36b898668ba9afd Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1592
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f5cf72c1e3ca528 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:1595
var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #146989e820aa5439 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1785
var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cc02cd067c00172 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:1789
if (process.env.ESBUILD_WORKER_THREADS !== "0") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0fa1be25f0cf67a Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1827
      let contents = fs2.readFileSync(tempFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #890c966d9732f815 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1840
      fs2.writeFileSync(tempFile, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff170b8a6ff5e43f Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1850
      fs2.readFile(tempFile, "utf8", (err, contents) => {
        try {
          fs2.unlink(tempFile, () => callback(err, contents));
        } catch {
          callback(err, contents);
        }
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb8eb36211fda9fa Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1864
      fs2.writeFile(tempFile, contents, (err) => err !== null ? callback(null) : callback(tempFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5c562456af5d22 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:2085
    maxBuffer: +process.env.ESBUILD_MAX_BUFFER || 16 * 1024 * 1024

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
10 low-confidence finding(s)
low env_fs dependency Excluded from app score #a816cce015bda343 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:736
            fs.writeFileSync(result.filePath, result.output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11c26ac75feb0fd5 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:846
                text: fs.readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #413ae081cc7fb3bd Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:149
            results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaa7831b37a2c532 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:560
                .map(r => fs.writeFile(r.filePath, r.output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c69ec80779c3dcf3 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:806
                return retrier.retry(() => fs.readFile(filePath, { encoding: "utf8", signal: controller.signal })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aca9e466ddaf2250 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:1113
    return (process.env.ESLINT_USE_FLAT_CONFIG !== "false");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f5940f22b436531 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6aa47445673e057 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56
    if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee41859a35c8754a Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60
    if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7675417279569642 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64
    const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-config-prettier

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #8a566f533a066201 Environment-variable access.
pkgs/npm/[email protected]/bin/cli.js:45
      switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #217afb7ec929e5f6 Environment-variable access.
pkgs/npm/[email protected]/index.js:3
const includeDeprecated = !process.env.ESLINT_CONFIG_PRETTIER_NO_DEPRECATED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-import-x

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #367f45aa9b55a941 Filesystem access.
pkgs/npm/[email protected]/lib/rules/no-extraneous-dependencies.js:18
        return JSON.parse(node_fs_1.default.readFileSync(jsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa783c072ee77146 Filesystem access.
pkgs/npm/[email protected]/lib/utils/export-map.js:58
        const content = node_fs_1.default.readFileSync(filepath, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a3e4a270a6d02e8 Filesystem access.
pkgs/npm/[email protected]/lib/utils/read-pkg-up.js:17
            pkg: JSON.parse(stripBOM(node_fs_1.default.readFileSync(fp, { encoding: 'utf8' }))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jest

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #80e3c1bfe1120cf9 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

execa

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #daffd5eaa51376dc Filesystem access.
pkgs/npm/[email protected]/lib/stream.js:19
	return readFileSync(inputFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fast-glob

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #ae0ac8d053f050b2 Filesystem access.
pkgs/npm/[email protected]/out/readers/reader.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #125f1496fa42b6bd Filesystem access.
pkgs/npm/[email protected]/out/settings.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cd5be967a488bc0 Filesystem access.
pkgs/npm/[email protected]/out/utils/fs.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-extra

npm dependency
5 low-confidence finding(s)
low env_fs dependency Excluded from app score #efc68f4e71a1f450 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:24
      await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #171eb42dfb9741e6 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:32
    await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089873c26a2a9034 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:60
  fs.writeFileSync(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b75a5f61e3a8185 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:16
  return fs.writeFile(file, data, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f574bad997718cb Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:25
  fs.writeFileSync(file, ...args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-jetpack

npm dependency
14 low-confidence finding(s)
low env_fs dependency Excluded from app score #17710c908e7a8931 Filesystem access.
pkgs/npm/[email protected]/lib/copy.js:100
  const data = fs.readFileSync(srcPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39c4cf081f125e8f Filesystem access.
pkgs/npm/[email protected]/lib/copy.js:102
    fs.writeFileSync(destPath, data, { mode, flag: "wx" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81c0060d7c319a32 Filesystem access.
pkgs/npm/[email protected]/lib/copy.js:108
        fs.writeFileSync(destPath, data, { mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75e3b915ec88d228 Filesystem access.
pkgs/npm/[email protected]/lib/inspect.js:88
  const data = fs.readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdcb9184278271a2 Filesystem access.
pkgs/npm/[email protected]/lib/read.js:60
    data = fs.readFileSync(path, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca4c1c248382e023 Filesystem access.
pkgs/npm/[email protected]/lib/read.js:95
    fs.readFile(path, { encoding })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60418b47cd511d82 Filesystem access.
pkgs/npm/[email protected]/lib/streams.js:3
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e14320ced604cf64 Filesystem access.
pkgs/npm/[email protected]/lib/utils/fs.js:5
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d833ecb321c7e372 Filesystem access.
pkgs/npm/[email protected]/lib/utils/tree_walker.js:3
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f8f7c849da77a58 Filesystem access.
pkgs/npm/[email protected]/lib/write.js:46
    fs.writeFileSync(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9202f4a0e85755a8 Filesystem access.
pkgs/npm/[email protected]/lib/write.js:51
      fs.writeFileSync(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be3d269a0f55415d Filesystem access.
pkgs/npm/[email protected]/lib/write.js:84
    fs.writeFile(path, data, options)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be720c62f687db2b Filesystem access.
pkgs/npm/[email protected]/lib/write.js:94
              return fs.writeFile(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95cf8f14d0297c36 Filesystem access.
pkgs/npm/[email protected]/types.d.ts:5
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

globby

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #e756fc444a1c5512 Filesystem access.
pkgs/npm/[email protected]/gitignore.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6034cab69df010c1 Filesystem access.
pkgs/npm/[email protected]/gitignore.js:78
	const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #937b9138ea87ef58 Filesystem access.
pkgs/npm/[email protected]/index.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

graphviz-mit

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #78e4155b67e5ee2d Filesystem access.
pkgs/npm/[email protected]/lib/deps/core_ext/fs-ext.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f747a1db2f896d0 Filesystem access.
pkgs/npm/[email protected]/lib/graphviz.js:4
var path = require('path'),
  spawn = require('child_process').spawn,
  temp = require('temp'),
  which = require('which'),
  fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad08cd88653324a Filesystem access.
pkgs/npm/[email protected]/lib/graphviz.js:8
  fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

husky

npm dependency
9 low-confidence finding(s)
low env_fs dependency Excluded from app score #586e853146ee0362 Filesystem access.
pkgs/npm/[email protected]/bin.js:2
import f, { writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca6f2715ddc3046a Filesystem access.
pkgs/npm/[email protected]/bin.js:12
	s = f.readFileSync(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #594774330c4df0ea Filesystem access.
pkgs/npm/[email protected]/bin.js:15
	w(n, JSON.stringify(o, 0, /\t/.test(s) ? '\t' : 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3244082e84f112a7 Filesystem access.
pkgs/npm/[email protected]/bin.js:18
	w('.husky/pre-commit', (p.env.npm_config_user_agent?.split('/')[0] ?? 'npm') + ' test\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f90e5da441d32a Filesystem access.
pkgs/npm/[email protected]/index.js:2
import f, { readdir, writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #730196b180ec6c9b Environment-variable access.
pkgs/npm/[email protected]/index.js:9
	if (process.env.HUSKY === '0') return 'HUSKY=0 skip install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a81647e191519e8 Filesystem access.
pkgs/npm/[email protected]/index.js:20
	w(_('.gitignore'), '*')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4681feec14e68900 Filesystem access.
pkgs/npm/[email protected]/index.js:22
	l.forEach(h => w(_(h), `#!/usr/bin/env sh\n. "\$(dirname "\$0")/h"`, { mode: 0o755 }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73eaee169be97b09 Filesystem access.
pkgs/npm/[email protected]/index.js:23
	w(_('husky.sh'), msg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jest-junit

npm dependency
6 low-confidence finding(s)
low env_fs dependency Excluded from app score #6b0bac183d6c87ed Filesystem access.
pkgs/npm/[email protected]/index.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241acae037b0bc3f Filesystem access.
pkgs/npm/[email protected]/index.js:38
  fs.writeFileSync(outputPath, xml(jsonResults, { indent: '  ', declaration: true }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14cc9af9908b7b68 Filesystem access.
pkgs/npm/[email protected]/utils/buildJsonResults.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1e935a7294f3cbf Filesystem access.
pkgs/npm/[email protected]/utils/getOptions.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31025c14f322096 Environment-variable access.
pkgs/npm/[email protected]/utils/getOptions.js:15
    if (process.env[name]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2565c53be29c63c3 Environment-variable access.
pkgs/npm/[email protected]/utils/getOptions.js:16
      options[constants.ENVIRONMENT_CONFIG_MAP[name]] = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

line-replace

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #34d47f34672887a2 Filesystem access.
pkgs/npm/[email protected]/bin/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb07fa0194d25d18 Filesystem access.
pkgs/npm/[email protected]/bin/index.js:9
var art = fs.readFileSync(artFile, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bbbeb6df4694f1d Filesystem access.
pkgs/npm/[email protected]/src/line-replace.js:1
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lint-staged

npm dependency
17 low-confidence finding(s)
low env_fs dependency Excluded from app score #edcfe12b000ca615 Environment-variable access.
pkgs/npm/[email protected]/bin/lint-staged.js:16
  process.env.FORCE_COLOR = supportsColor.level.toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #917ec0ad58194ec7 Filesystem access.
pkgs/npm/[email protected]/lib/file.js:16
    return await fs.readFile(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #414055db9a16595f Filesystem access.
pkgs/npm/[email protected]/lib/file.js:52
  await fs.writeFile(filename, buffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e694ee7b27a79dd Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:134
      readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a21943f957736dd6 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:135
      readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7060955da707a4b Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:136
      readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6047d7ec91f1802 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:148
        this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a17021419556228 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:149
        this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6ab85194e612b5 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:150
        this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fea337c624962192 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:124
  debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79bb5c209f987b8b Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:125
  delete process.env.GIT_LITERAL_PATHSPECS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd0a5a99c6d58f8c Filesystem access.
pkgs/npm/[email protected]/lib/loadConfig.js:74
  return fs.readFile(absolutePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #694f775c7d394123 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:48
    debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7c7cf1b77fb510f Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:49
    delete process.env.GIT_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8da2368c3e02801a Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:50
    debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a022ce661d7ca42 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:51
    delete process.env.GIT_WORK_TREE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ff8b71bb8c8b117 Filesystem access.
pkgs/npm/[email protected]/lib/version.js:4
  const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mariadb

npm dependency
7 low-confidence finding(s)
low env_fs dependency Excluded from app score #d75924824bbe7eec Filesystem access.
pkgs/npm/[email protected]/lib/cmd/handshake/auth/caching-sha2-password-auth.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0657c1456d2a3a93 Filesystem access.
pkgs/npm/[email protected]/lib/cmd/handshake/auth/caching-sha2-password-auth.js:75
                  key = fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae9c20869760edef Filesystem access.
pkgs/npm/[email protected]/lib/cmd/handshake/auth/sha256-password-auth.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c622819c452d8d2 Filesystem access.
pkgs/npm/[email protected]/lib/cmd/handshake/auth/sha256-password-auth.js:52
              key = fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f3cd52dab39ce6d Filesystem access.
pkgs/npm/[email protected]/lib/cmd/parser.js:10
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #690f1ea2967d38f3 Environment-variable access.
pkgs/npm/[email protected]/lib/config/connection-options.js:30
    this.user = opts.user || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fbae32c538cdbf2 Filesystem access.
pkgs/npm/[email protected]/lib/connection.js:35
const fsPromises = require('fs').promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mysql2

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #6c426a08e3d35376 Environment-variable access.
pkgs/npm/[email protected]/lib/packets/index.js:58
  if (process.env.NODE_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

npm-packlist

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #f311ff0c8bcaf52e Filesystem access.
pkgs/npm/[email protected]/lib/index.js:32
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8878490f5cb3d700 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:39
      const ignoreContent = fs.readFileSync(path.join(root, file), { encoding: 'utf8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2346cf67f6171c6 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:488
    fs.readFile(this.path + '/package.json', (er, pkg) =>
      this.onReadPackageJson(entries, er, pkg))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

open

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #2d7d6a4d0c85eb9f Filesystem access.
pkgs/npm/[email protected]/index.js:3
const {promises: fs, constants: fsConstants} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81cb2b117f9268ea Filesystem access.
pkgs/npm/[email protected]/index.js:63
		const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e6756f37bf55e9 Environment-variable access.
pkgs/npm/[email protected]/index.js:147
			`${process.env.SYSTEMROOT}\\System32\\WindowsPowerShell\\v1.0\\powershell`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openapi-typescript

npm dependency
9 low-confidence finding(s)
low env_fs dependency Excluded from app score #40f71398ec064d5c Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:117
    const previous = fs.readFileSync(outputPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e643caebbb03358f Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:176
  const packageJSON = JSON.parse(fs.readFileSync(new URL("../package.json", import.meta.url), "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b3a28560b533c41 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:221
        fs.writeFileSync(outFile, result, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8de3338246709584 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:240
      fs.writeFileSync(outFile, result, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02fd8e1091603b83 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:264
      fs.writeFileSync(outFile, result, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20db72543be2ee6c Environment-variable access.
pkgs/npm/[email protected]/src/lib/utils.ts:70
    process.env.DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e79c4ed1ccd9b9cf Environment-variable access.
pkgs/npm/[email protected]/src/lib/utils.ts:72
      process.env.DEBUG === "*" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c815670ff8b77cc Environment-variable access.
pkgs/npm/[email protected]/src/lib/utils.ts:73
      process.env.DEBUG === "openapi-ts:*" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67320490e16561fa Environment-variable access.
pkgs/npm/[email protected]/src/lib/utils.ts:74
      process.env.DEBUG.toLocaleLowerCase() === `openapi-ts:${group.toLocaleLowerCase()}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ora

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #eb01981eaea660cf Environment-variable access.
pkgs/npm/[email protected]/index.js:64
		if (process.env.NODE_ENV === 'test') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pg

npm dependency
6 low-confidence finding(s)
low env_fs dependency Excluded from app score #6c3666b88c8c34e4 Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:15
    envVar = process.env['PG' + key.toUpperCase()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fc996811561b38a Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:19
    envVar = process.env[envVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bda4403b6f50297d Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:26
  switch (process.env.PGSSLMODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bdd99c98b289555 Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:127
      this.connect_timeout = process.env.PGCONNECT_TIMEOUT || 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8965510709b30b3c Environment-variable access.
pkgs/npm/[email protected]/lib/defaults.js:5
  user = process.platform === 'win32' ? process.env.USERNAME : process.env.USER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96cdd98d9e2693f5 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:41
  forceNative = !!process.env.NODE_PG_FORCE_NATIVE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

postgres

npm dependency
8 low-confidence finding(s)
low env_fs dependency Excluded from app score #e6085f679c7d8b81 Filesystem access.
pkgs/npm/[email protected]/cf/src/index.js:133
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #053a4df8fe575aac Environment-variable access.
pkgs/npm/[email protected]/cf/src/index.js:565
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d662ecb78d8414e Filesystem access.
pkgs/npm/[email protected]/cjs/src/index.js:2
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #272d5909b3aecef7 Filesystem access.
pkgs/npm/[email protected]/cjs/src/index.js:132
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3071cb3f28c7e85 Environment-variable access.
pkgs/npm/[email protected]/cjs/src/index.js:564
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d497b3de3e0d4ae Filesystem access.
pkgs/npm/[email protected]/src/index.js:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff14a4ba1cde6a69 Filesystem access.
pkgs/npm/[email protected]/src/index.js:132
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76e127a505912ff2 Environment-variable access.
pkgs/npm/[email protected]/src/index.js:564
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
72 low-confidence finding(s)
low env_fs dependency Excluded from app score #ce7a9bf507fe6dce Environment-variable access.
pkgs/npm/[email protected]/bin/prettier.cjs:66
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bcfa493aa706210 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:5619
    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31de6756e73a6e7d Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6165
    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b115304298bed02b Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6166
      process.env.TEST_PSEUDOMAP = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3769bd30d7a94e1b Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6167
    if (typeof Map === "function" && !process.env.TEST_PSEUDOMAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0afde1b156f44b4f Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6509
    var hasSymbol = typeof Symbol === "function" && process.env._nodeLRUCacheForceNoSymbol !== "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5936c3904895ad64 Filesystem access.
pkgs/npm/[email protected]/index.mjs:7644
            fs4.readFile(file, "utf8", function(err, data) {
              if (err) {
                reject(err);
                return;
              }
              resolve3(parseString2(data));
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bffdb01a2ef128c7 Filesystem access.
pkgs/npm/[email protected]/index.mjs:7657
      return parseString2(fs4.readFileSync(file, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad695394a58d4fc Filesystem access.
pkgs/npm/[email protected]/index.mjs:7993
              fs4.readFile(name, "utf8", function(err, data) {
                resolve3({
                  name,
                  contents: err ? "" : data
                });
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc0d64a13f89b8d1 Filesystem access.
pkgs/npm/[email protected]/index.mjs:8009
          file = fs4.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #972937887aedb1c0 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:8284
      return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : picocolors5.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b64dcb8054206c1 Filesystem access.
pkgs/npm/[email protected]/index.mjs:10300
import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5007eebc2872107d Filesystem access.
pkgs/npm/[email protected]/index.mjs:12225
import fs2 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #754be66673baf3e3 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12231
    return await fs2.readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfe2915f29b83629 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12382
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba8830658af7c86c Filesystem access.
pkgs/npm/[email protected]/index.mjs:12392
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9fc289743388c95 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12744
    string = fs3.readFileSync(path6.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c811ffc9173404bf Environment-variable access.
pkgs/npm/[email protected]/index.mjs:16787
      if (process.env.PRETTIER_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ab5fcfdabda078 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:12
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c670090a52bf9c2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:395
  return dist_default.retry.readFile(timeout)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1e004dd066e42cb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:510
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1898b4aa29cf68c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:520
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c94d1711591053 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:872
    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785609ddb2222dbc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1848
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f769968b2d517c54 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1925
          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa31c4511783cc81 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1931
          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0cb44b468167c96 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:55
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #025fa9746fc8f7ac Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:97
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4c6d90af3125906 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:108
      const buffer2 = attempt(() => fs2.readFileSync(path17), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cc36768e979036b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:117
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b258e9cfa7eca18 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:615
import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04138a65df465616 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:630
              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec6ef0746949a8f0 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:636
              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d205c4d63006846 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2563
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7282bebc585c40ee Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2573
    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1548b72bbf81c958 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2761
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ad9208d7b3745d Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:3621
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb027a7db222bb6 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:4668
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82a7ec2586057a1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5612
import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f384c7a3f0359adb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5638
          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cca3e74124540e5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5653
          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b048229d6c821212 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5669
          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca8d8ae853e34102 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6237
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850959e1dd045466 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6251
        return fs9.readFile(filePath, "utf8").then(parse_default).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c9b888a24eb5cdb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6574
import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dcf73c378134161 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6586
      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c290720fd4ffb564 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11280
import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #883caa0d88ee6922 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11302
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7d0616aa79a4b24 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11307
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d125b4c5e5b948ab Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11313
        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #395fb4789c9f6757 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11329
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e72fc74202c72c15 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11335
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee811b9de3fd16e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12191
import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f448b01409ab81a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12388
  return dist_default36.retry.readFile(timeout)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e9f95bb0f669ba6 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:13152
import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa78beff452a4f6f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:13220
  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54eb91b9dde79cf5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:13225
  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b018830c125eb12 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1190
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ac9e899dd7b2df4 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1481
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82732a84d231c48 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1690
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de4c63cf8a9ffd6 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1698
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ee6d66bb2fbf36 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1706
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb4fc45d8354fc01 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1800
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ede2df65c2b522c Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1818
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8897c28c632df6a8 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1822
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #493c6fb9652a9bc0 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1827
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36975c7656c3bf29 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:2921
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e06fc398d61cf57 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:3061
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be6822cbd265e5d0 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:3391
        const buffer = fs6.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e80aa19ef89f5155 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:3635
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061c34d8163880c1 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:3897
  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #398de0e041aa2444 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4253
      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

resolve

npm dependency
5 low-confidence finding(s)
low env_fs dependency Excluded from app score #330151b125db8460 Filesystem access.
pkgs/npm/[email protected]/lib/async.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff529e7a5ec9986c Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:8
    var home = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #454cd1cfb628cff6 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:9
    var user = process.env.LOGNAME || process.env.USER || process.env.LNAME || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8189fe5cf4b4f5b1 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:12
        return process.env.USERPROFILE || process.env.HOMEDRIVE + process.env.HOMEPATH || home || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d075c4c79f62086 Filesystem access.
pkgs/npm/[email protected]/lib/sync.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #4dab14e610b4e0d0 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:4
  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5b43b6299139720 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:5
  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

size-limit

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #eeffeb45d998829e Filesystem access.
pkgs/npm/[email protected]/process-import.js:24
  await writeFile(entry, loader)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b88f8ea9b120cbfd Filesystem access.
pkgs/npm/[email protected]/read-pkg-up.js:7
  return JSON.parse(await readFile(filePath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

staged-git-files

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #33f6b1d114b9f019 Filesystem access.
pkgs/npm/[email protected]/index.js:2
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d6579a1eba1e6d8 Filesystem access.
pkgs/npm/[email protected]/index.js:91
    fs.readFile(sgf.cwd + "/" + filename, options, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbf844f9c12295d Filesystem access.
pkgs/npm/[email protected]/index.js:182
                    result.content = fs.readFileSync(sgf.cwd + "/" + result.filename, {
                        encoding: "utf8"
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tempy

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #14a6cedd8bc840be Filesystem access.
pkgs/npm/[email protected]/index.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8432e8954b39c2f9 Filesystem access.
pkgs/npm/[email protected]/index.js:66
	fs.writeFileSync(filename, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ts-node

npm dependency
7 low-confidence finding(s)
low env_fs dependency Excluded from app score #3f9417dd0098a33f Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5529f6e1f4b9f76c Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:39
const {
  realpathSync,
  statSync,
  Stats,
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba377561d906eb5 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:43
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c3034b829c8c261 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d763d002596c907a Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:13
    string = fs.readFileSync(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c1112f2c78fdfd Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:48
  const envArgv = ParseNodeOptionsEnvVar(process.env.NODE_OPTIONS || '', errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebded6c7e4717f14 Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:99
  if(process.env.NODE_PENDING_DEPRECATION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c7cdf023e4303a32 Filesystem access.
pkgs/npm/[email protected]/lib/cancellationToken.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #753c4c888edd05dc Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

undici

npm dependency
10 low-confidence finding(s)
low env_fs dependency Excluded from app score #6b47afb322d5a12a Environment-variable access.
pkgs/npm/[email protected]/lib/core/connect.js:21
if (global.FinalizationRegistry && !(process.env.NODE_V8_COVERAGE || process.env.UNDICI_NO_FG)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da86024c4ac529f8 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:64
  const llhttpWasmData = process.env.JEST_WORKER_ID ? require('../llhttp/llhttp-wasm.js') : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a817f60c2855a41 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:26
    const HTTP_PROXY = httpProxy ?? process.env.http_proxy ?? process.env.HTTP_PROXY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e481bbb490501b04 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:33
    const HTTPS_PROXY = httpsProxy ?? process.env.https_proxy ?? process.env.HTTPS_PROXY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a04f9fa7e0dc62e8 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:147
    return process.env.no_proxy ?? process.env.NO_PROXY ?? ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a04cf0bdadc4eec5 Environment-variable access.
pkgs/npm/[email protected]/lib/mock/pending-interceptors-formatter.js:23
        colors: !disableColors && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9453383fbb9f189 Environment-variable access.
pkgs/npm/[email protected]/lib/web/fetch/dispatcher-weakref.js:38
  if (process.env.NODE_V8_COVERAGE && process.version.startsWith('v18')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ca4cb069200f183e Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:7
  ? transcode(readFileSync('./undici-fetch.js'), 'utf8', 'latin1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dec1bbe2921acb98 Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:8
  : readFileSync('./undici-fetch.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9efba2e8a1b14adb Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:10
writeFileSync('./undici-fetch.js', buffer.toString('latin1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @prisma/debug prod — dist-only: no readable source
  • @prisma/driver-adapter-utils prod — dist-only: no readable source
  • c12 prod — dist-only: no readable source
  • deepmerge-ts prod — dist-only: no readable source
  • @prisma/dmmf prod — dist-only: no readable source
  • @planetscale/database prod — dist-only: no readable source
  • @prisma/client-common prod — dist-only: no readable source
  • @prisma/fetch-engine prod — dist-only: no readable source
  • @prisma/generator prod — dist-only: no readable source
  • @prisma/param-graph-builder prod — dist-only: no readable source
  • @prisma/internals prod — dist-only: no readable source
  • @prisma/ts-builders prod — dist-only: no readable source
  • get-tsconfig prod — dist-only: no readable source
  • ts-pattern prod — dist-only: no readable source
  • xdg-app-paths prod — dist-only: no readable source
  • @prisma/config prod — dist-only: no readable source
  • @prisma/dev prod — dist-only: no readable source
  • @prisma/studio-core prod — dist-only: no readable source
  • mssql prod — scan budget exceeded
  • pg-types prod — scan budget exceeded
  • @prisma/ppg prod — scan budget exceeded
  • @bugsnag/cuid prod — scan budget exceeded
  • @paralleldrive/cuid2 prod — scan budget exceeded
  • @prisma/client-runtime-utils prod — scan budget exceeded
  • @prisma/sqlcommenter prod — scan budget exceeded
  • @prisma/param-graph prod — scan budget exceeded
  • @prisma/json-protocol prod — scan budget exceeded
  • nanoid prod — scan budget exceeded
  • ulid prod — scan budget exceeded
  • uuid prod — scan budget exceeded
  • @ark/attest prod — scan budget exceeded
  • @prisma/adapter-d1 prod — scan budget exceeded
  • @prisma/adapter-neon prod — scan budget exceeded
  • @prisma/adapter-planetscale prod — scan budget exceeded
  • prisma prod — scan budget exceeded
  • @opentelemetry/instrumentation prod — scan budget exceeded
  • @prisma/client-generator-js prod — scan budget exceeded
  • @prisma/client-generator-ts prod — scan budget exceeded

Development

  • @slack/webhook dev — dist-only: no readable source
  • @typescript-eslint/parser dev — dist-only: no readable source
  • @typescript-eslint/utils dev — dist-only: no readable source
  • @vitest/coverage-v8 dev — dist-only: no readable source
  • batching-toposort dev — dist-only: no readable source
  • prettier2 dev — registry 404
  • spdx-exceptions dev — no javascript source
  • spdx-license-ids dev — no javascript source
  • tsx dev — dist-only: no readable source
  • turbo dev — no javascript source
  • @prisma/get-platform dev — dist-only: no readable source
  • @hono/node-server dev — dist-only: no readable source
  • @hono/zod-validator dev — dist-only: no readable source
  • @prisma/adapter-pg dev — dist-only: no readable source
  • @prisma/adapter-mariadb dev — dist-only: no readable source
  • @prisma/adapter-mssql dev — dist-only: no readable source
  • @prisma/client-engine-runtime dev — dist-only: no readable source
  • hono dev — dist-only: no readable source
  • @codspeed/benchmark.js-plugin dev — dist-only: no readable source
  • @inquirer/prompts dev — dist-only: no readable source
  • @modelcontextprotocol/sdk dev — dist-only: no readable source
  • @prisma/adapter-libsql dev — dist-only: no readable source
  • @prisma/client-generator-registry dev — dist-only: no readable source
  • @prisma/client dev — tarball exceeds byte cap
  • @prisma/credentials-store dev — dist-only: no readable source
  • @prisma/management-api-sdk dev — dist-only: no readable source
  • @prisma/migrate dev — dist-only: no readable source
  • async-listen dev — dist-only: no readable source
  • checkpoint-client dev — dist-only: no readable source
  • get-port-please dev — dist-only: no readable source
  • ohash dev — dist-only: no readable source
  • pathe dev — scan budget exceeded
  • react dev — scan budget exceeded
  • react-dom dev — scan budget exceeded
  • resolve-pkg dev — scan budget exceeded
  • std-env dev — scan budget exceeded
  • strip-ansi dev — scan budget exceeded
  • webpack dev — scan budget exceeded
  • @types/mssql dev — scan budget exceeded
  • @prisma/get-dmmf dev — scan budget exceeded
  • @swc-node/register dev — scan budget exceeded
  • @types/cross-spawn dev — scan budget exceeded
  • cross-spawn dev — scan budget exceeded
  • fast-check dev — scan budget exceeded
  • @prisma/instrumentation-contract dev — scan budget exceeded
  • @faker-js/faker dev — scan budget exceeded
  • @fast-check/jest dev — scan budget exceeded
  • @jest/create-cache-key-function dev — scan budget exceeded
  • @jest/globals dev — scan budget exceeded
  • @jest/test-sequencer dev — scan budget exceeded
  • @opentelemetry/resources dev — scan budget exceeded
  • @opentelemetry/semantic-conventions dev — scan budget exceeded
  • @prisma/adapter-better-sqlite3 dev — scan budget exceeded
  • @prisma/generator-helper dev — scan budget exceeded