Close Open Privacy Scan

bolt Snapshot: commit 9429a4e
science engine v2
schedule 2026-07-01T07:07:41.199312+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

App Privacy Score

97 /100
Low privacy risk

Low risk · 266 finding(s)

Dependency score: 37 (High risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

3 high 0 medium 263 low
First-party packages: 1
Dependency packages: 15
Ecosystem: npm

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (3)
high dojo dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/request/node.js:55 pkgs/npm/[email protected]/request/node.js:57
high coveralls dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
high codecov.io dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:13 pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:25

</> First-Party Code

first-party (npm)

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #ab59977e43b1fb4b Filesystem access.
repo/lib/common/file.js:35
    result[key] = _.template(fs.readFileSync(filePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #755f63ca9cd5804b Filesystem access.
repo/lib/common/minify.js:36
  fs.writeFile(destPath, output.code, 'utf-8', callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1674e9eb77db5b6 Filesystem access.
repo/lib/fp/build-doc.js:75
  fs.writeFile(target, template.wiki(templateData), util.pitch);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #998b0833b916e720 Filesystem access.
repo/lib/main/build-doc.js:80
  fs.writeFile(readmePath, postprocess(markdown), util.pitch);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #066ce87d1256a5a3 Filesystem access.
repo/lib/main/build-site.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6001fb5396f94933 Filesystem access.
repo/lib/main/build-site.js:182
  const markdown = fs
    // Load markdown.
    .readFileSync(readmePath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #303e1cd22266b06c Filesystem access.
repo/lib/main/build-site.js:236
  fs.writeFile(path.join(docPath, version + '.html'), html, util.pitch);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e445fe0e2968b598 Filesystem access.
repo/perf/perf.js:46
        result = require('fs').realpathSync(result);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #411bc8f4cc785e2c Environment-variable access.
repo/playwright.config.js:7
    retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

codecov.io

npm dependency
high pii_flow dependency Excluded from app score #2046fd1e5b13d81e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:25 · flow /tmp/closeopen-0nz25tl5/pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:13 → /tmp/closeopen-0nz25tl5/pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:25
  request.post(options, function(err, response, body){
    if (err){
      return cb(err);
    }
    if (response.statusCode !== 200){
      var error = new Error("non-success response");
      error.detail = {
        statusCode : response.statusCode,
        body : body,
        request : options
      };
      return cb(error);
    }
    return cb();
  });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #78b96576ab9731dc Environment-variable access.
pkgs/npm/[email protected]/lib/getConfiguration.js:30
  var token = (process.env.codecov_token || process.env.CODECOV_TOKEN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd928ea25fea3243 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:13
  var token = (process.env.codecov_token || process.env.CODECOV_TOKEN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

coveralls

npm dependency
high pii_flow dependency Excluded from app score #442575128ed034c5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:19 · flow /tmp/closeopen-0nz25tl5/pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 → /tmp/closeopen-0nz25tl5/pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
    request.post({
      url,
      form: {
        json: str
      }
    }, (err, response, body) => {
      cb(err, response, body);
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 105 low-confidence finding(s)
low env_fs dependency Excluded from app score #46e1a59a624203fd Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97cc617addca8e35 Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:33
  const source = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed2da27130da664f Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #443cbcc1388af699 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:26
  const head = fs.readFileSync(path.join(dir, '.git', 'HEAD'), 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1a405c78e0d11f4 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:43
    return fs.readFileSync(ref, 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a99dfcfd5b13939 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:49
  const packedRefsText = fs.readFileSync(packedRefs, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d62cc0e97290fe Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #488aff196a42ec9d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:13
  let git_commit = process.env.COVERALLS_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #503d231f5106ba07 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:14
  let git_branch = process.env.COVERALLS_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a653e07e95b652c8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:19
  const match = (process.env.CI_PULL_REQUEST || '').match(/(\d+)$/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5c6bee6dd084c2d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:25
  if (process.env.TRAVIS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dd9d414d3f5b0fa Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:27
    options.service_number = process.env.TRAVIS_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c21993cd073120a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:28
    options.service_job_id = process.env.TRAVIS_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #967961921a47f671 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:29
    options.service_pull_request = process.env.TRAVIS_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c8b47d72c5c8f6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:31
    git_branch = process.env.TRAVIS_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c2aca12758c874 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:34
  if (process.env.DRONE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75aa7f34135f7a0d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:36
    options.service_job_id = process.env.DRONE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33623bd65caf24b1 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:37
    options.service_pull_request = process.env.DRONE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0175a737f9bd7f99 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:38
    git_committer_name = process.env.DRONE_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68e949cd9b86cfa6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:39
    git_committer_email = process.env.DRONE_COMMIT_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb4d43dbbfb33225 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:40
    git_commit = process.env.DRONE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55ab139fa2311aef Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:41
    git_branch = process.env.DRONE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e44dc77740ef4d2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:42
    git_message = process.env.DRONE_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d406f9e1cc07123 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:45
  if (process.env.JENKINS_URL || process.env.JENKINS_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3aad563a92d7350 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:47
    options.service_job_id = process.env.BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b440fea72d7e1a05 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:48
    options.service_pull_request = process.env.CHANGE_ID || process.env.ghprbPullId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a2ed7388b28ad2a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:49
    git_committer_name = process.env.CHANGE_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46efd8e15efd9f65 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:50
    git_committer_email = process.env.CHANGE_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdaf74fb5e2438a8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:51
    git_commit = process.env.GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c456556d687302 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a64be5773b25c8d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:55
  if (process.env.CIRCLECI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fec3ab8da286a9b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:57
    options.service_number = process.env.CIRCLE_WORKFLOW_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b19a974a1f84028a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:58
    options.service_job_number = process.env.CIRCLE_BUILD_NUM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf1c8dd0853ef97 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:60
    if (process.env.CI_PULL_REQUEST) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ce0acb8fe43e9b8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:61
      const pr = process.env.CI_PULL_REQUEST.split('/pull/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b6adf52559b8d23 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:65
    git_commit = process.env.CIRCLE_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca782112ddca72e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:66
    git_branch = process.env.CIRCLE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #752f50024d66baa7 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:69
  if (process.env.CI_NAME && process.env.CI_NAME === 'codeship') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da2aa94ed27cd569 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:71
    options.service_job_id = process.env.CI_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e6a24ed84794f7e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:72
    git_commit = process.env.CI_COMMIT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d25446cbe7d0e9e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:73
    git_branch = process.env.CI_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d016bea108120c7c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:74
    git_committer_name = process.env.CI_COMMITTER_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56cfcb556b3bbd58 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:75
    git_committer_email = process.env.CI_COMMITTER_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a74c373b680446d5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:76
    git_message = process.env.CI_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16882cdebd511d54 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:79
  if (process.env.WERCKER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da339ae5689116bc Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:81
    options.service_job_id = process.env.WERCKER_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29b0bfac35536cb1 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:82
    git_commit = process.env.WERCKER_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1a62432dffd16ee Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:83
    git_branch = process.env.WERCKER_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01f48e7a3ce56e34 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:86
  if (process.env.GITLAB_CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c1e7ac2afd808b0 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:88
    options.service_job_number = process.env.CI_BUILD_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b90225cd7af9f947 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:89
    options.service_job_id = process.env.CI_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97bb543d84356057 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:90
    options.service_pull_request = process.env.CI_MERGE_REQUEST_IID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f234cdfa1b123d70 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:91
    git_commit = process.env.CI_BUILD_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a6a5fb52dbcf6df Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:92
    git_branch = process.env.CI_BUILD_REF_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9771f205d7ea2a1b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:95
  if (process.env.APPVEYOR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9b4b291aa43530d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:97
    options.service_job_number = process.env.APPVEYOR_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab58e09e92023fe2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:98
    options.service_job_id = process.env.APPVEYOR_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09a74b97a20dc28f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:99
    git_commit = process.env.APPVEYOR_REPO_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d23cec7b062d5ab Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:100
    git_branch = process.env.APPVEYOR_REPO_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #979249bb096fa2b8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:103
  if (process.env.SURF_SHA1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f74598ac6d5444c8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:105
    git_commit = process.env.SURF_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30300bdd3e89bec5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:106
    git_branch = process.env.SURF_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7b56e84bbb8abb6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:109
  if (process.env.BUILDKITE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c3b0206c67b17a2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:111
    options.service_job_number = process.env.BUILDKITE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eafb129b958993e2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:112
    options.service_job_id = process.env.BUILDKITE_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9643cd2be7789529 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:113
    options.service_pull_request = process.env.BUILDKITE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #334d30e3caf79c43 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:114
    git_commit = process.env.BUILDKITE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af7c1952b143988c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:115
    git_branch = process.env.BUILDKITE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6deb44cb16691887 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:116
    git_committer_name = process.env.BUILDKITE_BUILD_CREATOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85ed83d1d2e7a8eb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:117
    git_committer_email = process.env.BUILDKITE_BUILD_CREATOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9954b8a88cb08bdb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:118
    git_message = process.env.BUILDKITE_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2db8d56f9b9fb8bf Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:121
  if (process.env.SEMAPHORE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43c06e8cc664a34d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:123
    options.service_job_id = process.env.SEMAPHORE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d37499bc59c6bbc Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:124
    git_commit = process.env.REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23281ae7462440a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:125
    git_branch = process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #638c79d161e176ad Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:128
  if (process.env.TF_BUILD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76dafb5366c2e7f8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:130
    options.service_job_id = process.env.BUILD_BUILDID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #103603ec08983351 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:131
    options.service_pull_request = process.env.SYSTEM_PULLREQUEST_PULLREQUESTNUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf09b28c61d0cd70 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:132
    git_commit = process.env.BUILD_SOURCEVERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #add198f9400c8739 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:133
    git_branch = process.env.BUILD_SOURCEBRANCHNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b702fd5de4f629f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:136
  if (process.env.CF_BRANCH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98cbc23ecdec4f30 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:138
    options.service_job_id = process.env.CF_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78d5c0c50041e1f2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:139
    options.service_pull_request = process.env.CF_PULL_REQUEST_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6712a369f1d9ff75 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:140
    git_commit = process.env.CF_REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa40e721b6957810 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:141
    git_branch = process.env.CF_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef439a6fc532dbbf Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:142
    git_committer_name = process.env.CF_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcbdd66409c447d4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:143
    git_message = process.env.CF_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a273f21d55632651 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:146
  options.run_at = process.env.COVERALLS_RUN_AT || JSON.stringify(new Date()).slice(1, -1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a3b966fb13fd7d6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:148
  if (process.env.COVERALLS_SERVICE_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f5be24a499b45c4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:149
    options.service_number = process.env.COVERALLS_SERVICE_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69a4a8a864585342 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:152
  if (process.env.COVERALLS_SERVICE_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63499c49394fc6b6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:153
    options.service_job_number = process.env.COVERALLS_SERVICE_JOB_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ad52fe06bcd859 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:156
  if (process.env.COVERALLS_SERVICE_JOB_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35babcb65fed243b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:157
    options.service_job_id = process.env.COVERALLS_SERVICE_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2492a7ecf8fc744e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:168
  if (process.env.COVERALLS_PARALLEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc6cf2af843e128 Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:177
        return yaml.safeLoad(fs.readFileSync(yml, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6349a35d7ef81a7 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:196
  if (process.env.COVERALLS_REPO_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c3d76adebe98519 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:197
    options.repo_token = process.env.COVERALLS_REPO_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e489e5498c5ddc6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:206
  if (process.env.COVERALLS_SERVICE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c834bd5e40d45e2a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:207
    options.service_name = process.env.COVERALLS_SERVICE_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97172beb59b966c5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:210
  if (process.env.COVERALLS_FLAG_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15247d91836bb4ed Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:211
    options.flag_name = process.env.COVERALLS_FLAG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7439b2a62eb2b45e Environment-variable access.
pkgs/npm/[email protected]/lib/logger.js:9
  if (index.options.verbose || process.env.NODE_COVERALLS_DEBUG === 1 || process.env.NODE_COVERALLS_DEBUG === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0915a7d9a5ef7bbc Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:8
  if (process.env.COVERALLS_ENDPOINT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e748bebe880954d7 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9
    urlBase = process.env.COVERALLS_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dojo

npm dependency
high pii_flow dependency Excluded from app score #dcff9f46b0c5df27 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/request/node.js:57 · flow /tmp/closeopen-0nz25tl5/pkgs/npm/[email protected]/request/node.js:55 → /tmp/closeopen-0nz25tl5/pkgs/npm/[email protected]/request/node.js:57
		var req = response.clientRequest = (url.protocol === 'https:' ? https : http).request(reqOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #471b223b18bd4ee2 Filesystem access.
pkgs/npm/[email protected]/_base/configNode.js:36
	var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d2516d1d28dc8bd Filesystem access.
pkgs/npm/[email protected]/_base/configNode.js:91
					vm.runInThisContext(fs.readFileSync(url, "utf8"), url);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbfd8c6fea920d8c Filesystem access.
pkgs/npm/[email protected]/_base/configNode.js:101
				onLoad(fs.readFileSync(url, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

curl-amd

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #054b1f7d0eb48f8e Filesystem access.
pkgs/npm/[email protected]/src/curl/shim/_fetchText.js:26
		fs.readFile(uri, function (ex, contents) {
			if (ex) {
				errback(ex);
			}
			else {
				callback(contents.toString());
			}
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

docdown

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #b1b39c5a897f61fe Filesystem access.
pkgs/npm/[email protected]/index.js:8
var _ = require('lodash'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc017f59f0795851 Filesystem access.
pkgs/npm/[email protected]/index.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb61d31431bf750 Filesystem access.
pkgs/npm/[email protected]/index.js:38
  return generator(fs.readFileSync(options.path, 'utf8'), options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ecstatic

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #04c71e3bf958227a Environment-variable access.
pkgs/npm/[email protected]/lib/bin.js:19
const envPORT = parseInt(process.env.PORT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #609ac89b0f4fe1bc Environment-variable access.
pkgs/npm/[email protected]/lib/bin.js:21
const host = process.env.HOST || opts.host || '0.0.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc5ce29353a0088 Filesystem access.
pkgs/npm/[email protected]/lib/ecstatic.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7efbfca365d08c7e Filesystem access.
pkgs/npm/[email protected]/lib/ecstatic/show-dir/index.js:7
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e163cad20cb6e9d Filesystem access.
pkgs/npm/[email protected]/lib/ecstatic/show-dir/sort-files.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e76ea3b1dcb5da16 Filesystem access.
pkgs/npm/[email protected]/scripts/build-icons.js:1
var fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0be331ff4e9a50ff Filesystem access.
pkgs/npm/[email protected]/scripts/build-icons.js:12
  icons[tuple[0]] = fs.readFileSync(path.resolve(iconDir, filename), 'base64');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6447897cdaad5ecc Filesystem access.
pkgs/npm/[email protected]/scripts/build-icons.js:15
fs.writeFileSync(path.resolve(__dirname, '../lib/ecstatic/show-dir/icons.json'), JSON.stringify(icons, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-extra

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #667397ab4f7774b0 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:24
      await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6ad6900794c0392 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:32
    await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #729b84af1a80d69d Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:60
  fs.writeFileSync(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4780b0d64946d8a9 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:16
  return fs.writeFile(file, data, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b4e37950362c33 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:25
  fs.writeFileSync(file, ...args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

istanbul

npm dependency
expand_more 64 low-confidence finding(s)
low env_fs dependency Excluded from app score #6206d876b23c1cd7 Filesystem access.
pkgs/npm/[email protected]/lib/command/check-coverage.js:6
var nopt = require('nopt'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5b41e04ae710a68 Filesystem access.
pkgs/npm/[email protected]/lib/command/check-coverage.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb008470554117e Filesystem access.
pkgs/npm/[email protected]/lib/command/check-coverage.js:124
                var coverageObject = JSON.parse(fs.readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aeb7702c4eb1e78 Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:5
var Module = require('module'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34de8159634ca448 Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:7
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #860906a27082786b Environment-variable access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:121
        process.env.running_under_istanbul=1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92fa12ffa248d985 Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:224
                                transformer(fs.readFileSync(file, 'utf-8'), file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dbcae893b36ff9a Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:242
                    fs.writeFileSync(file, JSON.stringify(cov), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32e8653505d4863c Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:6
var path = require('path'),
    mkdirp = require('mkdirp'),
    once = require('once'),
    async = require('async'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e32264e71bf52204 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13c455165edc5095 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:72
                fs.readFile(inputFile, 'utf8', function (err, data) {
                    if (err) { return callback(err, name); }
                    instrumenter.instrument(data, inputFile, function (iErr, instrumented) {
                        if (iErr) { return callback(iErr, name); }
                        fs.writeFile(outputFile, instrumented, 'utf8', function (err) {
                            return callback(err, name);
                        });
                    });
                });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49ac9ee14bc3a53a Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:76
                        fs.writeFile(outputFile, instrumented, 'utf8', function (err) {
                            return callback(err, name);
                        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #917ff0c73d9db110 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:107
            fs.writeFileSync(outputFile, fs.readFileSync(inputFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0077ebf4a275ca0c Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:231
                fs.writeFileSync(baselineFile, JSON.stringify(instrumenter.getCoverage()), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bb677e5abff2c5f Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:256
            stream.write(instrumenter.instrumentSync(fs.readFileSync(file, 'utf8'), file));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1715ae70ec77cc6 Filesystem access.
pkgs/npm/[email protected]/lib/command/report.js:6
var nopt = require('nopt'),
    Report = require('../report'),
    Reporter = require('../reporter'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83efe32fc976ab5 Filesystem access.
pkgs/npm/[email protected]/lib/command/report.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #579ef29e81e972be Filesystem access.
pkgs/npm/[email protected]/lib/command/report.js:110
                var coverageObject =  JSON.parse(fs.readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4578cf1673a1bf14 Environment-variable access.
pkgs/npm/[email protected]/lib/command/test.js:27
        runWithCover.run(args, this.type(), !!process.env.npm_config_coverage, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a62564f2e9c49919 Filesystem access.
pkgs/npm/[email protected]/lib/config.js:5
var path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a662aa578241282c Filesystem access.
pkgs/npm/[email protected]/lib/config.js:6
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cadce206c793f9d Filesystem access.
pkgs/npm/[email protected]/lib/config.js:435
            yaml.safeLoad(fs.readFileSync(file, 'utf8'), { filename: file }) :

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b4efb1ade4d3544 Filesystem access.
pkgs/npm/[email protected]/lib/hook.js:34
var path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ae88218ad49ed08 Filesystem access.
pkgs/npm/[email protected]/lib/hook.js:35
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cbe4d56d37d52b1 Filesystem access.
pkgs/npm/[email protected]/lib/hook.js:105
            var ret = fn(fs.readFileSync(filename, 'utf8'), filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #205c28555ef2f751 Filesystem access.
pkgs/npm/[email protected]/lib/report/clover.js:220
        writer.writeFile(outputFile, function (contentWriter) {
            walk(root, collector, contentWriter, 0, projectRoot);
            writer.done();
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee37d608c3741716 Filesystem access.
pkgs/npm/[email protected]/lib/report/cobertura.js:214
        writer.writeFile(outputFile, function (contentWriter) {
            walk(root, collector, contentWriter, 0, projectRoot);
            writer.done();
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #551df96be067d650 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:7
var handlebars = require('handlebars').create(),
    defaults = require('./common/defaults'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fdc5ca868091da5 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5594a814c8741b8 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:18
    templateFor = function (name) { return handlebars.compile(fs.readFileSync(path.resolve(__dirname, 'templates', name + '.txt'), 'utf8')); },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b26d270e89067d Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:479
        writer.writeFile(indexFile, function (contentWriter) {
            that.writeIndexPage(contentWriter, node);
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45eaee0c5ab516e5 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:488
                writer.writeFile(childFile, function (contentWriter) {
                    that.writeDetailPage(contentWriter, child, collector.fileCoverageFor(child.fullPath()));
                });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e95f60978e113b3c Filesystem access.
pkgs/npm/[email protected]/lib/report/json-summary.js:58
        writer.writeFile(outputFile, function (contentWriter) {
            contentWriter.println("{");
            contentWriter.write('"total":');
            contentWriter.write(JSON.stringify(finalSummary));

            collector.files().forEach(function (key) {
                contentWriter.println(",");
                contentWriter.write(JSON.stringify(key));
                contentWriter.write(":");
                contentWriter.write(JSON.stringify(objectUtils.summarizeFileCoverage(collector.fileCoverageFor(key))));
            });
            contentWriter.println("}");
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afedf94a2ed58d79 Filesystem access.
pkgs/npm/[email protected]/lib/report/json.js:50
        writer.writeFile(outputFile, function (contentWriter) {
            var first = true;
            contentWriter.println("{");
            collector.files().forEach(function (key) {
                if (first) {
                    first = false;
                } else {
                    contentWriter.println(",");
                }
                contentWriter.write(JSON.stringify(key));
                contentWriter.write(":");
                contentWriter.write(JSON.stringify(collector.fileCoverageFor(key)));
            });
            contentWriter.println("}");
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fd32de01b803e75 Filesystem access.
pkgs/npm/[email protected]/lib/report/lcovonly.js:94
        writer.writeFile(outputFile, function (contentWriter) {
            collector.files().forEach(function (key) {
                that.writeFileCoverage(contentWriter, collector.fileCoverageFor(key));
            });
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36a0c9d1c6f494c3 Filesystem access.
pkgs/npm/[email protected]/lib/report/teamcity.js:6
var path = require('path'),
    util = require('util'),
    mkdirp = require('mkdirp'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65ffec900d2ceff5 Filesystem access.
pkgs/npm/[email protected]/lib/report/teamcity.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a96dfc3920c47a70 Filesystem access.
pkgs/npm/[email protected]/lib/report/teamcity.js:84
            fs.writeFileSync(path.join(this.dir, this.file), text, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc0892b85a699c6 Filesystem access.
pkgs/npm/[email protected]/lib/report/text-summary.js:6
var path = require('path'),
    util = require('util'),
    mkdirp = require('mkdirp'),
    defaults = require('./common/defaults'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6c7ba851ef9e247 Filesystem access.
pkgs/npm/[email protected]/lib/report/text-summary.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #513261c41ccc1053 Filesystem access.
pkgs/npm/[email protected]/lib/report/text-summary.js:85
            fs.writeFileSync(path.join(this.dir, this.file), text, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b627d293c8d4c7a Filesystem access.
pkgs/npm/[email protected]/lib/report/text.js:6
var path = require('path'),
    mkdirp = require('mkdirp'),
    util = require('util'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f6cb5ba00ab9572 Filesystem access.
pkgs/npm/[email protected]/lib/report/text.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ba90aca7a0d092 Filesystem access.
pkgs/npm/[email protected]/lib/report/text.js:226
            fs.writeFileSync(path.join(this.dir, this.file), text, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38878a819659a3b0 Filesystem access.
pkgs/npm/[email protected]/lib/store/fslookup.js:6
var util = require('util'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #797435a5187eb180 Filesystem access.
pkgs/npm/[email protected]/lib/store/fslookup.js:7
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2840a93abec318a5 Filesystem access.
pkgs/npm/[email protected]/lib/store/fslookup.js:40
        return fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef99a42092cd9f1 Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:6
var util = require('util'),
    path = require('path'),
    os = require('os'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3619aa518e626cf Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32ad245637f09896 Environment-variable access.
pkgs/npm/[email protected]/lib/store/tmp.js:14
    var dir = path.join(os.tmpdir ? os.tmpdir() : /* istanbul ignore next */ (process.env.TMPDIR || '/tmp'), 'ts' + new Date().getTime());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #361879b1a77dd955 Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:54
        fs.writeFileSync(tmpFile, contents, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc3dead3b994543 Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:61
        return fs.readFileSync(tmpFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b29dbf082857abe6 Filesystem access.
pkgs/npm/[email protected]/lib/util/factory.js:6
var util = require('util'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60a47a23037ec6cd Filesystem access.
pkgs/npm/[email protected]/lib/util/factory.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c69a489f56760f0 Filesystem access.
pkgs/npm/[email protected]/lib/util/file-matcher.js:6
var async = require('async'),
    glob = require('glob'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85d91928cb7b298e Filesystem access.
pkgs/npm/[email protected]/lib/util/file-matcher.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eaabccfdef608ea Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:6
var path = require('path'),
    util = require('util'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc84311de01a52f Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6700e7a743b1f5ad Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:58
        fs.writeFileSync(file, cw.getContent(), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f36b03446641649d Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:144
        fs.writeFileSync(dest, fs.readFileSync(source));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d95e47ba802bf50 Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:147
        this.delegate.writeFile(file, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b48996d84b47ba3b Filesystem access.
pkgs/npm/[email protected]/lib/util/meta.js:5
var path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe69c945be4925e Filesystem access.
pkgs/npm/[email protected]/lib/util/meta.js:6
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e24dcc0eba20cb Filesystem access.
pkgs/npm/[email protected]/lib/util/meta.js:7
    pkg = JSON.parse(fs.readFileSync(path.resolve(__dirname, '..', '..', 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jscs

npm dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #cbc14abeca08c029 Filesystem access.
pkgs/npm/[email protected]/lib/cli-config.js:5
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0993d312b195b3c Filesystem access.
pkgs/npm/[email protected]/lib/cli-config.js:78
            data = stripBOM(fs.readFileSync(configPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bb778336d067033 Environment-variable access.
pkgs/npm/[email protected]/lib/cli-config.js:154
    var directoryArr = [process.env.USERPROFILE, process.env.HOMEPATH, process.env.HOME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dfeebb490f0d441 Filesystem access.
pkgs/npm/[email protected]/lib/config/configuration.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #287198ac5ce43cba Filesystem access.
pkgs/npm/[email protected]/lib/config/generator.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c31381bd5840531 Filesystem access.
pkgs/npm/[email protected]/lib/config/generator.js:93
        fs.writeFileSync(process.cwd() + '/.jscsrc', JSON.stringify(this._config, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7970e9e8c6c146e2 Filesystem access.
pkgs/npm/[email protected]/lib/config/node-configuration.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdown-doctest

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #cdc52b0379ebb571 Filesystem access.
pkgs/npm/[email protected]/bin/cmd.js:9
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

optional-dev-dependency

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #1192011d449b773f Filesystem access.
pkgs/npm/[email protected]/dependency.js:5
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3d611d23dd36a9b Filesystem access.
pkgs/npm/[email protected]/index.js:5
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4fcf02714ec2233 Filesystem access.
pkgs/npm/[email protected]/index.js:70
  fs.readFile(filename, (er, buf) => {
    if (er) { return cb(er) }
    try {
      const js = JSON.parse(buf) || {}
      cb(null, js)
    } catch (er) {
      cb(er)
    }
  })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fa6e0862b57c496 Filesystem access.
pkgs/npm/[email protected]/index.js:108
      fs.writeFile(Dependency.findNodeModules('package.json'), JSON.stringify(pkg, null, 2), cb)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qunit-extras

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #a41f00eabcd1ba33 Environment-variable access.
pkgs/npm/[email protected]/qunit-extras.js:107
      return process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

request

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #62efc13112987912 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:45
  var noProxy = process.env.NO_PROXY || process.env.no_proxy || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f10787b0f73a4c11 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:62
    return process.env.HTTP_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10ee84eedeb1d499 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:63
      process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2730b0b44e15f612 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:67
    return process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2bd8e9c2b9a95f9 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:68
      process.env.https_proxy ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c124a06a15cc65e Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:69
      process.env.HTTP_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a89e3b385e880b8 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:70
      process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb9c6fa0acfec21 Filesystem access.
pkgs/npm/[email protected]/lib/har.js:3
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f35d8d270e70f8f Environment-variable access.
pkgs/npm/[email protected]/request.js:133
Request.debug = process.env.NODE_DEBUG && /\brequest\b/.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uglify-js

npm dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #019d59a3cf6594b3 Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:6
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #779d79799fd63dd4 Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:18
    output = JSON.parse(fs.readFileSync(ARGS.o, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11b90a008e4590a0 Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:24
    fs.writeFileSync(ARGS.o, JSON.stringify(output, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64269ce3f7004ca Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:30
    var code = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a33453b7b323b297 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:8
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5049a6762e303c5f Filesystem access.
pkgs/npm/[email protected]/tools/node.js:29
    return fs.readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e6005d712a652180 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:70
                : fs.readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #49718b6b65010533 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:120
        inMap = JSON.parse(fs.readFileSync(options.inSourceMap, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b388fac6058d609 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:216
    var data = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c8c833ca7d98b746 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:241
            var cache = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #041ec80cea30776b Filesystem access.
pkgs/npm/[email protected]/tools/node.js:259
            data = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d000392d169ce05b Filesystem access.
pkgs/npm/[email protected]/tools/node.js:268
        fs.writeFileSync(filename, JSON.stringify(data, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

webpack

npm dependency
expand_more 29 low-confidence finding(s)
low env_fs dependency Excluded from app score #9c8ff5d3a650c364 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:901
							(this.outputFileSystem).writeFile(targetPath, content, (err) => {
								if (err) return callback(err);

								// information marker that the asset has been emitted
								compilation.emittedAssets.add(file);

								// cache the information that the Source has been written to that location
								const newGeneration =
									targetFileGeneration === undefined
										? 1
										: targetFileGeneration + 1;
								/** @type {CacheEntry} */
								(cacheEntry).writtenTo.set(targetPath, newGeneration);
								this._assetEmittingWrittenFiles.set(targetPath, newGeneration);
								this.hooks.assetEmitted.callAsync(
									file,
									{
										content,
										source,
										outputPath,
										compilation,
										targetPath
									},
									callback
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e14742469dbaf159 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:996
								return /** @type {OutputFileSystem} */ (
									this.outputFileSystem
								).readFile(targetPath, (err, existingContent) => {
									if (
										err ||
										!content.equals(/** @type {Buffer} */ (existingContent))
									) {
										return doWrite(content);
									}
									return alreadyWritten();
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b316d0cfcbe1797 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1141
			(this.outputFileSystem).writeFile(
				/** @type {string} */ (this.recordsOutputPath),
				JSON.stringify(
					this.records,
					(n, value) => {
						if (
							typeof value === "object" &&
							value !== null &&
							!Array.isArray(value)
						) {
							const keys = Object.keys(value);
							if (!isSorted(keys)) {
								return sortObject(value, keys);
							}
						}
						return value;
					},
					2
				),
				callback
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4081e51837be1f1 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1227
			(this.inputFileSystem).readFile(
				/** @type {string} */
				(this.recordsInputPath),
				(err, content) => {
					if (err) return callback(err);

					try {
						this.records =
							/** @type {Records} */
							(parseJson(/** @type {Buffer} */ (content).toString("utf8")));
					} catch (parseErr) {
						return callback(
							new Error(
								`Cannot parse records: ${
									/** @type {Error} */ (parseErr).message
								}`
							)
						);
					}

					return callback(null);
				}
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93d097c68e22345f Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:447
					process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd34f8fe66907f54 Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:448
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d982a470c1ec31c Filesystem access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:465
			fs.readFile(file, (err, content) => {
				if (err) reject(err);
				else resolve(/** @type {Buffer} */ (content).toString() || "");
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47f6d1274ddc45b7 Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:50
					process.env[key] !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1fd6e5df0ad730e Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:51
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c00a20efed7c972f Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2209
								this.fs.readFile(path, (err, content) => {
									if (err) return callback(err);
									try {
										const context = dirname(this.fs, path);
										const source = /** @type {Buffer} */ (content).toString();
										const [imports] = lexer.parse(source);
										/** @type {Set<string>} */
										const added = new Set();
										for (const imp of imports) {
											try {
												// import.meta
												if (imp.d === -2) {
													continue;
												}

												/** @type {string | null} */
												const dependency =
													imp.n ||
													parseString(source.slice(imp.s, imp.e).trim());

												if (!dependency) {
													continue;
												}

												// We should not track Node.js build dependencies
												if (dependency.startsWith("node:")) continue;
												if (builtinModules.has(dependency)) continue;
												// Avoid extra jobs for identical imports
												if (added.has(dependency)) continue;

												push({
													type: RBDT_RESOLVE_ESM_FILE,
													context,
													path: dependency,
													expected: imp.d > -1 ? false : undefined,
													issuer: job
												});
												added.add(dependency);
											} catch (err1) {
												logger.warn(
													`Parsing of ${path} for build dependencies failed at 'import(${source.slice(
														imp.s,
														imp.e
													)})'.\n` +
														"Build dependencies behind this expression are ignored and might cause incorrect cache invalidation."
												);
												logger.debug(pathToString(job));
												logger.debug(/** @type {Error} */ (err1).stack);
											}
										}
									} catch (err2) {
										logger.warn(
											`Parsing of ${path} for build dependencies failed and all dependencies of this file are ignored, which might cause incorrect cache invalidation..`
										);
										logger.debug(pathToString(job));
										logger.debug(/** @type {Error} */ (err2).stack);
									}
									process.nextTick(callback);
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01663dcc7544b480 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2284
						this.fs.readFile(packageJson, (err, content) => {
							if (err) {
								if (err.code === "ENOENT") {
									resolveMissing.add(packageJson);
									const parent = dirname(this.fs, packagePath);
									if (parent !== packagePath) {
										push({
											type: RBDT_DIRECTORY_DEPENDENCIES,
											context: undefined,
											path: parent,
											expected: undefined,
											issuer: job
										});
									}
									callback();
									return;
								}
								return callback(err);
							}
							resolveFiles.add(packageJson);
							/** @type {JsonObject} */
							let packageData;
							try {
								packageData = JSON.parse(
									/** @type {Buffer} */
									(content).toString("utf8")
								);
							} catch (parseErr) {
								return callback(/** @type {Error} */ (parseErr));
							}
							const depsObject = packageData.dependencies;
							const optionalDepsObject = packageData.optionalDependencies;
							/** @type {Set<string>} */
							const allDeps = new Set();
							/** @type {Set<string>} */
							const optionalDeps = new Set();
							if (typeof depsObject === "object" && depsObject) {
								for (const dep of Object.keys(depsObject)) {
									allDeps.add(dep);
								}
							}
							if (
								typeof optionalDepsObject === "object" &&
								optionalDepsObject
							) {
								for (const dep of Object.keys(optionalDepsObject)) {
									allDeps.add(dep);
									optionalDeps.add(dep);
								}
							}
							for (const dep of allDeps) {
								push({
									type: RBDT_RESOLVE_DIRECTORY,
									context: packagePath,
									path: dep,
									expected: !optionalDeps.has(dep),
									issuer: job
								});
							}
							callback();
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8e8d8a8ef9befef Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:3676
		this.fs.readFile(path, (err, content) => {
			if (err) {
				if (err.code === "EISDIR") {
					this._fileHashes.set(path, "directory");
					return callback(null, "directory");
				}
				if (err.code === "ENOENT") {
					this._fileHashes.set(path, null);
					return callback(null, null);
				}
				if (err.code === "ERR_FS_FILE_TOO_LARGE") {
					/** @type {Logger} */
					(this.logger).warn(`Ignoring ${path} for hashing as it's very large`);
					this._fileHashes.set(path, "too large");
					return callback(null, "too large");
				}
				return callback(/** @type {WebpackError} */ (err));
			}

			const hash = createHash(this._hashFunction);

			hash.update(/** @type {string | Buffer} */ (content));

			const digest = hash.digest("hex");

			this._fileHashes.set(path, digest);

			callback(null, digest);
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e2658c8a3a53e38 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:4419
			this.fs.readFile(packageJsonPath, (err, content) => {
				if (err) {
					if (err.code === "ENOENT" || err.code === "ENOTDIR") {
						// no package.json or path is not a directory
						this.fs.readdir(path, (err, elements) => {
							if (
								!err &&
								/** @type {string[]} */ (elements).length === 1 &&
								/** @type {string[]} */ (elements)[0] === "node_modules"
							) {
								// This is only a grouping folder e.g. used by yarn
								// we are only interested in existence of this special directory
								this._managedItems.set(path, "*nested");
								return callback(null, "*nested");
							}
							/** @type {Logger} */
							(this.logger).warn(
								`Managed item ${path} isn't a directory or doesn't contain a package.json (see snapshot.managedPaths option)`
							);
							return callback();
						});
						return;
					}
					return callback(/** @type {WebpackError} */ (err));
				}
				/** @type {JsonObject} */
				let data;
				try {
					data = JSON.parse(/** @type {Buffer} */ (content).toString("utf8"));
				} catch (parseErr) {
					return callback(/** @type {WebpackError} */ (parseErr));
				}
				if (!data.name) {
					/** @type {Logger} */
					(this.logger).warn(
						`${packageJsonPath} doesn't contain a "name" property (see snapshot.managedPaths option)`
					);
					return callback();
				}
				const info = `${data.name || ""}@${data.version || ""}`;
				this._managedItems.set(path, info);
				callback(null, info);
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c48b7792709585c Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:8
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fd8963ea864480c Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:1477
			const packageInfo = JSON.parse(fs.readFileSync(pkgPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85cdac94f1367432 Environment-variable access.
pkgs/npm/[email protected]/lib/config/defaults.js:2450
		(infrastructureLogging.stream).isTTY && process.env.TERM !== "dumb";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55ebb06abf187dcc Filesystem access.
pkgs/npm/[email protected]/lib/dll/DllReferencePlugin.js:73
					(compiler.inputFileSystem).readFile(manifest, (err, result) => {
						if (err) return callback(err);
						/** @type {CompilationDataItem} */
						const data = {
							path: manifest,
							data: undefined,
							error: undefined
						};
						// Catch errors parsing the manifest so that blank
						// or malformed manifest files don't kill the process.
						try {
							data.data =
								/** @type {DllReferencePluginOptionsManifest} */
								(
									/** @type {unknown} */
									(parseJson(/** @type {Buffer} */ (result).toString("utf8")))
								);
						} catch (parseErr) {
							// Store the error in the params so that it can
							// be added as a compilation error later on.
							const manifestPath = makePathsRelative(
								compiler.context,
								manifest,
								compiler.root
							);
							data.error = new DllManifestError(
								manifestPath,
								/** @type {Error} */ (parseErr).message
							);
						}
						compilationData.set(params, data);
						return callback();
					});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a5536e5c84cde25 Filesystem access.
pkgs/npm/[email protected]/lib/dll/LibManifestPlugin.js:137
								intermediateFileSystem.writeFile(targetPath, buffer, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f3ab383beedeb6 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:63
				fs.readFile(this.options.path, (err, buffer) => {
					if (err) {
						if (err.code !== "ENOENT") {
							return callback(err);
						}
						return callback();
					}
					/** @type {JSONContent} */
					const json = JSON.parse(/** @type {Buffer} */ (buffer).toString());
					/** @type {Map<string, string | number | null>} */
					data = new Map();
					for (const key of Object.keys(json)) {
						data.set(key, json[key]);
					}
					dataChanged = false;
					return callback();
				});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #913f2d220353c913 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:94
				fs.writeFile(this.options.path, JSON.stringify(json), callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d17ceff647dfa45 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/FileUriPlugin.js:43
						loaderContext.fs.readFile(resourcePath, (err, result) => {
							if (err) return callback(err);
							loaderContext.addDependency(resourcePath);
							callback(null, result);
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #496efa1c6c888c2d Environment-variable access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:496
			this.options.proxy || process.env.http_proxy || process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a01fe6ffb540b710 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:589
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									compilation.missingDependencies.add(lockfileLocation);
									return callback(err);
								}
								compilation.fileDependencies.add(lockfileLocation);
								compilation.fileSystemInfo.createSnapshot(
									compiler.fsStartTime,
									buffer ? [lockfileLocation] : [],
									[],
									buffer ? [] : [lockfileLocation],
									{ timestamp: true },
									(err, s) => {
										if (err) return callback(err);
										const lockfile = buffer
											? Lockfile.parse(buffer.toString("utf8"))
											: new Lockfile();
										lockfileCache = {
											lockfile,
											snapshot: /** @type {Snapshot} */ (s)
										};
										callback(null, lockfile);
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab4e485fd2e89ebf Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:693
							intermediateFs.writeFile(filePath, result.content, (err) => {
								if (err) return callback(err);
								callback(null, result);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1595aeb2b980e1f0 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1202
									fs.readFile(filePath, (err, result) => {
										if (err) {
											if (err.code === "ENOENT") return doFetch();
											return callback(err);
										}
										const content = /** @type {Buffer} */ (result);
										/**
										 * Continue with cached content.
										 * @param {Buffer | undefined} _result result
										 * @returns {void}
										 */
										const continueWithCachedContent = (_result) => {
											if (!upgrade) {
												// When not in upgrade mode, we accept the result from the lockfile cache
												return callback(null, { entry, content });
											}
											return doFetch(content);
										};
										if (!verifyIntegrity(content, entry.integrity)) {
											/** @type {Buffer | undefined} */
											let contentWithChangedEol;
											let isEolChanged = false;
											try {
												contentWithChangedEol = Buffer.from(
													content.toString("utf8").replace(/\r\n/g, "\n")
												);
												isEolChanged = verifyIntegrity(
													contentWithChangedEol,
													entry.integrity
												);
											} catch (_err) {
												// ignore
											}
											if (isEolChanged) {
												if (!warnedAboutEol) {
													const explainer = `Incorrect end of line sequence was detected in the lockfile cache.
The lockfile cache is protected by integrity checks, so any external modification will lead to a corrupted lockfile cache.
When using git make sure to configure .gitattributes correctly for the lockfile cache:
  **/*webpack.lock.data/** -text
This will avoid that the end of line sequence is changed by git on Windows.`;
													if (frozen) {
														logger.error(explainer);
													} else {
														logger.warn(explainer);
														logger.info(
															"Lockfile cache will be automatically fixed now, but when lockfile is frozen this would result in an error."
														);
													}
													warnedAboutEol = true;
												}
												if (!frozen) {
													// "fix" the end of line sequence of the lockfile content
													logger.log(
														`${filePath} fixed end of line sequence (\\r\\n instead of \\n).`
													);
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);
													return;
												}
											}
											if (frozen) {
												return callback(
													new Error(
														`${
															entry.resolved
														} integrity mismatch, expected content with integrity ${
															entry.integrity
														} but got ${computeIntegrity(content)}.
Lockfile corrupted (${
															isEolChanged
																? "end of line sequence was unexpectedly changed"
																: "incorrectly merged? changed by other tools?"
														}).
Run build with un-frozen lockfile to automatically fix lockfile.`
													)
												);
											}
											// "fix" the lockfile entry to the correct integrity
											// the content has priority over the integrity value
											entry = {
												...entry,
												integrity: computeIntegrity(content)
											};
											storeLockEntry(lockfile, url, entry);
										}
										continueWithCachedContent(result);
									});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ea1b7d408ffe885 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1257
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4381c9837afbc4a4 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1410
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									writeDone();
									return callback(err);
								}
								const lockfile = buffer
									? Lockfile.parse(buffer.toString("utf8"))
									: new Lockfile();
								for (const [key, value] of /** @type {LockfileUpdates} */ (
									lockfileUpdates
								)) {
									lockfile.entries.set(key, value);
								}
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f06a48004258288 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1423
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0715e27937495891 Filesystem access.
pkgs/npm/[email protected]/lib/util/fs.js:681
	fs.readFile(p, (err, buf) => {
		if (err) return callback(err);
		/** @type {JsonObject} */
		let data;
		try {
			data = JSON.parse(/** @type {Buffer} */ (buf).toString("utf8"));
		} catch (err1) {
			return callback(/** @type {Error} */ (err1));
		}
		return callback(null, data);
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

  • glob dev — dist-only: no readable source