Close Open Privacy Scan

bolt Snapshot: commit fdefbcf
science engine v3
schedule 2026-07-07T10:11:15.986312+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

Incomplete scan — only 0/174 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

92 /100
Low privacy risk

Low risk · 797 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5
env_fs −3

list Scan Summary

0 high 0 medium 797 low
First-party packages: 42
Dependency packages: 0
Ecosystem: npm

swap_horiz External domains

sponsors.vite.dev

</> First-Party Code

first-party (npm)

npm first-party
expand_more 329 low-confidence finding(s)
low env_fs production #f753c925887e2c51 Filesystem access.
repo/docs/.vitepress/buildEnd.config.ts:49
  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c75a6fa9fe5d820f Environment-variable access.
repo/docs/.vitepress/config.ts:26
const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18712be8ff155671 Environment-variable access.
repo/docs/.vitepress/config.ts:27
const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1fb1c4c3c16506c5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/docs/.vitepress/theme/composables/sponsor.ts:18
    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f6617465baa4560b Filesystem access.
repo/docs/_data/acknowledgements.data.ts:114
  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f4c7d879732776 Filesystem access.
repo/docs/_data/acknowledgements.data.ts:202
    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac51ba447cab4d1d Environment-variable access.
repo/eslint.config.js:13
const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f95b50f264b330a6 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #921e34ccdb2c858b Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80b6c7aa808b56e7 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b122e828ce0c7b3 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f538b4db2e5c7999 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fca7853dd4983556 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1117d37f36068208 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92ebc265dea2d227 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0a28020ae4b05c4 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf46dd2ee37b2965 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d2ef2366f78c62 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63371a71762a9735 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd24c2c11b8e543a Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58d830a3286a03b Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6f40bcfdaaf3b16 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699bac7058d6d4c6 Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37e192b6d1fb0ac Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b64e55f4567f026f Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4903a7e972ba3ce4 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #134e8df881054e50 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:182
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e01da099550b1c6 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe910ced09f9b86d Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abf5e1cd68d5e3e4 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14ada2adb5cab60 Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #594db05b982f522c Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #734ac86a0a50ca1f Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fabbde7d2f66e05 Filesystem access.
repo/packages/vite/rolldown.config.ts:180
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b520c77f1ea1e2a9 Filesystem access.
repo/packages/vite/rolldown.config.ts:184
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5228f6d1ed6a383f Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c33817323607109 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c647669b34e80b4d Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #801862610d48ed70 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87b5e8cd8cdb9d38 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4bc8a5af5617aa21 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c9b43b41193d0ba Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72ea73ec9358ea72 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3200c2325974dd49 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8ba4c094f8a2f3a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d08ba9132fb3340a Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c594638950779a87 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #855f88ad719b0431 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #349dec45b6675708 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91154b1ab75e87a8 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cb236f87700f613 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab1103c63a9b5fd6 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dca06404fe87682 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eaf22642b8d007f8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #213367b9860502e8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab777a7b2f8381fc Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1137134d289be5f8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ebed5bd0fd6ce72 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d96171ed0864b5b8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fea4d0bbd4c36e56 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #accf26d4f82bf04c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4833c8a659cf662 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #884046af377f601e Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caee8a54f54aceaa Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3089f6c09ef3a6a8 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b703d9e1fd2b09f1 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb0df33cdea85696 Filesystem access.
repo/packages/vite/src/node/cli.ts:80
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fc289aace8a5031 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac963be8dd2ec4cb Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01ccdfa7fd9c4d4f Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23ad92c5f92733a9 Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97040d03ea7d6143 Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e8d02fc20d116a5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42cf31bbc044f2e5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be02a7b287ffd44b Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #980abf8c348284fc Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98d973b333ffa4aa Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c0c6dbd351cabc3 Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #235745b6574eae41 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #679960b214a3778f Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64dc35ca6c409025 Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832d1378e62bfb77 Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7a2bf8752db20d6 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe582ba9c6935a24 Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb2b6fabafa5490c Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b950ba86b81f3cc6 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ac248c15725ea37 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32a343de939c3f9a Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ce95c18f3408bdb Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee78f99589df318d Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95ed862cd7dc71ea Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4219210ee121f96a Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e8bc32e46e3220c Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98c40eebb7718fcc Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aa9a67773c13cae Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9409a013464b486f Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a43ad7b60447e31 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #530d384efecf3db7 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46821e42261d9951 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d3c1ed365efe79d Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #268f72a93ee14182 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43941c75d3030102 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36d64e51d46e991f Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50be7716850e291d Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3383d2590823c4de Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4118441828947e1f Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90caa29db5aeaf48 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dac2ae0073f2214 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b99dd2a452e66a4e Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4fa94080c44e4f8 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d78ea5d5b24a8ea Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #436852c9ae0248a9 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fd289d7b8358096 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae0cb8ccecedd009 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #577419c5cf4a5ab9 Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac191c5cdfa0369d Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7621e7f1cb1fe210 Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3296b9ec640a67e4 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd7a6e51c3501879 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c77a2e16cda1a964 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f16dbb3782899a Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08ddc453caeeded6 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #006d6e0b5ef9cc96 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8dba6c3d533aa49 Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9d6fbbb44c789a4 Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54e965efd0d45578 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d52330ad23bd725d Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbee43594378a64e Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fa843fdde41e3fc Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d39d68e3be1620d4 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2252b54a57d342f2 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ad3d504d49a0cda Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3366aa20b7519760 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d399c49e78f96779 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #255b4508344c512c Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #572d62e0e986e5b1 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47df4b3d734d84c2 Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #302858aa1f4eb8f4 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80e244599fdf87ad Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf9d3ee7e4e15ad8 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adfdf2eeed939b27 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #884986dbe1d09e5b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd0c85ce007136b2 Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c075528fcc373c4 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7f34090f229edc0 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d215897a2302319 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #461973e775b7af1b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c1dcd31b40166bb Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d37734367594df7 Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27fcf46150d996ad Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f2313c4ce7fe7b9 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa3d961009329801 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0824e504ba5af90 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #043716fb5bdc347b Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #024468d4a0ebbe82 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c674544b9e3effb1 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fd2a2904f76b3ed Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89b9bb634f088911 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2db1a741b605e4a8 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc9bb501506e0dcf Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75b69636c585dac6 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2141b178a8f9619c Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e685d80fddfff2c Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9f38c00f679ac2 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00bde24ce01e0402 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #754ac9e5b85b963e Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b1066805ff5f698 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68cfd8b338be5502 Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a40be2077e711df0 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45ad28139f40578d Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3470ac7d13451ef9 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caffd10f91815014 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a08ff2cf47121a Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c553b05d701062d5 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2457043ab15b4356 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86802a1702fe6971 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2156f13e79c7b1e3 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #892b1cb75ebbbaf6 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2fba7ebd6a3735b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bee88bb2fcd7df73 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05b9fde2fef09954 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff85fdeebbbd50f7 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3614e403193eca79 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c74b8ba9db38be8 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #827c9cb4e0617749 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b632a984cead9bdb Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a167c3edcc3e5a4 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1af21665d8d07647 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ba23a7e663bc06 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5e25878a19053f4 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f9199bf59d2cbfd Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25569c1dec000d2a Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #396893589b57f4e3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8c61e5ae745ef6f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1f83b61a06e5504 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e30980359a85b82 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #117b99133d52ea57 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfa92309315cb0a0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14aad44ce9994c7d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d4f488dc2c728f8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97d73902b7cde01b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0948a18ba622df24 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #258bbbb983234b18 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0044991bee7a06b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c35a592e50317727 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df780787b489b331 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ad3afcabd7213f8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea5f353b7c3b2ad0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a134734957bcd5d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eba7d7426a3458b4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #710288e5989fd8ff Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17d1ba3ee15869b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b1d63dc1016d4e1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e611bffd6d1c0260 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1da8e3a0ac9cbfc0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #970c0ee5f7fc3885 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c027d8cc7538bf9f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b0a179d5113be6e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #114f8ad3662f3425 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3e890bb48b3d451 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc354e7ac4054abe Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b50a10637aa34388 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e93ff4deafd96a8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94c7d0eb8635e627 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d2560e147964d89 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e63fc38207d8cf8c Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86bd7e2e1e2fdf11 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23bb646cd1e11ac5 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #811eefe0040e873c Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0837008544fabd6 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #790543a54bb0ddf9 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaff9bf4d188b7c1 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b97d04fb1397d039 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09ed626645b17243 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44cab2674cb0b0d Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e03114f2f611814a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae6e5e60aa38991 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3210ec1236c2f1c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #844c06fbf8860ead Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b3caea791338e27 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0243b06dbec7e6df Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d5c091ce60788c7 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33857c0babe54e31 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0339cda8a9a4e02 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9696bc6f3a80ff1 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad70da91ac014f75 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e169976f79a1285 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fec8f2d241ffc572 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f3fc2394274ffaa Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f88688e12c90be Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764c98948148eb41 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d7804cfb47c8c24 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de47180fcf939e51 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b09ff4f4142fefdf Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c259ec6b2776b275 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #690e7f02e7a2b425 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1624136590033b0f Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d46715ba0f53868 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1bbf1693d3a69fe Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49dbc3387335bf7e Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9a7d8f2fe134649 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a220e7ece69f358 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b76b56a59596751a Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b58633a58c2ee17d Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61ce51c91ccd4381 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af6437c08101169e Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #577dea7afe411ea1 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca1b724e7b7a6cd Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb21b37a74e0b975 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e02684cfd2599255 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8884e01afd27be79 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d1645b57a9da955 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f54ad2dc2d5bc68c Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcf7a15834d0d663 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #faefb027c155eeab Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c996694941785720 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ed2575b86ee9a8f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #525b7f3529e676a5 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7e306c516849741 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1be87349c265d54f Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc45ac21f6e80b89 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72920f3e9ebdcd7f Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b37d951851f7d64 Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6db63f88c10bf747 Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4497f1261d674e7d Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3b85430a2e8c32d Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1652e82a700c159a Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #122b07ca3ef44e93 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ffbfb817438491b Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1daa497bf030629 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e1f52e3b719b6a1 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30085214cf4dea43 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da988c065e37376 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b3137a9798472f2 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69c669e4410f3379 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c3bbaa13fb3e722 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d577af060b3faa2 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79a87d4d7cec8fbf Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dc2cec13659ce1e Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ef22ea269e277ff Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b79c167112f1520 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17cf52c9e3a5e1ab Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2589b77147c68570 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9da43f0bb97b9c67 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dba79694669898e1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f82594ce49e723a Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5289ce85ba05564d Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa65af1a26b9c151 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7fbfcce225b3845 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15545b3c4430d946 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #493aed8745a4aee1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eeb260a1bdc1d32a Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1864810a8b5fc14 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77a0722ea80494a0 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57f76faa25019e17 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c80d24c8fa62782 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1c00339b750acf1 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d05f596c1b5d9353 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbd1901bd2007c6b Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7819c63ff8186a25 Filesystem access.
repo/scripts/mergeChangelog.ts:188
const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b37e09732656de1c Filesystem access.
repo/scripts/mergeChangelog.ts:212
await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5096c644b1ef2826 Filesystem access.
repo/scripts/releaseUtils.ts:19
    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b254b2c789f7a7b6 Filesystem access.
repo/scripts/releaseUtils.ts:55
    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ad3bde61a614c49 Filesystem access.
repo/scripts/releaseUtils.ts:66
    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19bbcdcf6ba989db Filesystem access.
repo/scripts/releaseUtils.ts:68
    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #070a0a61d7706409 Environment-variable access.
repo/vitest.config.e2e.ts:4
const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01326a501d20014d Environment-variable access.
repo/vitest.config.e2e.ts:6
const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ad834e4cce9a1b5 Environment-variable access.
repo/vitest.config.e2e.ts:36
        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de7b88df7e2281bd Environment-variable access.
repo/vitest.config.e2e.ts:40
      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party
expand_more 18 low-confidence finding(s)
low env_fs test-only #f95b50f264b330a6 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #921e34ccdb2c858b Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80b6c7aa808b56e7 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b122e828ce0c7b3 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f538b4db2e5c7999 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fca7853dd4983556 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1117d37f36068208 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92ebc265dea2d227 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0a28020ae4b05c4 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf46dd2ee37b2965 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d2ef2366f78c62 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63371a71762a9735 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd24c2c11b8e543a Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58d830a3286a03b Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6f40bcfdaaf3b16 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699bac7058d6d4c6 Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37e192b6d1fb0ac Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b64e55f4567f026f Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #4903a7e972ba3ce4 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #134e8df881054e50 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:182
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party
expand_more 127 low-confidence finding(s)
low env_fs production #6e01da099550b1c6 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe910ced09f9b86d Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abf5e1cd68d5e3e4 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14ada2adb5cab60 Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #594db05b982f522c Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #734ac86a0a50ca1f Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fabbde7d2f66e05 Filesystem access.
repo/packages/vite/rolldown.config.ts:180
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b520c77f1ea1e2a9 Filesystem access.
repo/packages/vite/rolldown.config.ts:184
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5228f6d1ed6a383f Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c33817323607109 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c647669b34e80b4d Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #801862610d48ed70 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87b5e8cd8cdb9d38 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4bc8a5af5617aa21 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c9b43b41193d0ba Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72ea73ec9358ea72 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3200c2325974dd49 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8ba4c094f8a2f3a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d08ba9132fb3340a Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c594638950779a87 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #855f88ad719b0431 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #349dec45b6675708 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91154b1ab75e87a8 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cb236f87700f613 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab1103c63a9b5fd6 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dca06404fe87682 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eaf22642b8d007f8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #213367b9860502e8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab777a7b2f8381fc Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1137134d289be5f8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ebed5bd0fd6ce72 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d96171ed0864b5b8 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fea4d0bbd4c36e56 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #accf26d4f82bf04c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4833c8a659cf662 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #884046af377f601e Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caee8a54f54aceaa Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3089f6c09ef3a6a8 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b703d9e1fd2b09f1 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb0df33cdea85696 Filesystem access.
repo/packages/vite/src/node/cli.ts:80
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fc289aace8a5031 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac963be8dd2ec4cb Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01ccdfa7fd9c4d4f Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23ad92c5f92733a9 Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97040d03ea7d6143 Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e8d02fc20d116a5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42cf31bbc044f2e5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be02a7b287ffd44b Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #980abf8c348284fc Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98d973b333ffa4aa Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c0c6dbd351cabc3 Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #235745b6574eae41 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #679960b214a3778f Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64dc35ca6c409025 Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832d1378e62bfb77 Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7a2bf8752db20d6 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe582ba9c6935a24 Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb2b6fabafa5490c Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b950ba86b81f3cc6 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ac248c15725ea37 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32a343de939c3f9a Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ce95c18f3408bdb Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee78f99589df318d Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95ed862cd7dc71ea Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4219210ee121f96a Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e8bc32e46e3220c Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98c40eebb7718fcc Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aa9a67773c13cae Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9409a013464b486f Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a43ad7b60447e31 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #530d384efecf3db7 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46821e42261d9951 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d3c1ed365efe79d Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #268f72a93ee14182 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43941c75d3030102 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36d64e51d46e991f Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50be7716850e291d Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3383d2590823c4de Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4118441828947e1f Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90caa29db5aeaf48 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dac2ae0073f2214 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b99dd2a452e66a4e Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4fa94080c44e4f8 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d78ea5d5b24a8ea Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #436852c9ae0248a9 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fd289d7b8358096 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae0cb8ccecedd009 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #577419c5cf4a5ab9 Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac191c5cdfa0369d Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7621e7f1cb1fe210 Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3296b9ec640a67e4 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd7a6e51c3501879 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c77a2e16cda1a964 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f16dbb3782899a Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08ddc453caeeded6 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #006d6e0b5ef9cc96 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8dba6c3d533aa49 Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9d6fbbb44c789a4 Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54e965efd0d45578 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d52330ad23bd725d Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbee43594378a64e Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fa843fdde41e3fc Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d39d68e3be1620d4 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2252b54a57d342f2 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ad3d504d49a0cda Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3366aa20b7519760 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d399c49e78f96779 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #255b4508344c512c Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #572d62e0e986e5b1 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47df4b3d734d84c2 Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #302858aa1f4eb8f4 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80e244599fdf87ad Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf9d3ee7e4e15ad8 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adfdf2eeed939b27 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #884986dbe1d09e5b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd0c85ce007136b2 Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c075528fcc373c4 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7f34090f229edc0 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d215897a2302319 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #461973e775b7af1b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c1dcd31b40166bb Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d37734367594df7 Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27fcf46150d996ad Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f2313c4ce7fe7b9 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa3d961009329801 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0824e504ba5af90 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #043716fb5bdc347b Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party
expand_more 165 low-confidence finding(s)
low env_fs test-only #024468d4a0ebbe82 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c674544b9e3effb1 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fd2a2904f76b3ed Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89b9bb634f088911 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2db1a741b605e4a8 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc9bb501506e0dcf Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75b69636c585dac6 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2141b178a8f9619c Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e685d80fddfff2c Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9f38c00f679ac2 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00bde24ce01e0402 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #754ac9e5b85b963e Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b1066805ff5f698 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68cfd8b338be5502 Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a40be2077e711df0 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45ad28139f40578d Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3470ac7d13451ef9 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caffd10f91815014 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a08ff2cf47121a Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c553b05d701062d5 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2457043ab15b4356 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86802a1702fe6971 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2156f13e79c7b1e3 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #892b1cb75ebbbaf6 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2fba7ebd6a3735b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bee88bb2fcd7df73 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05b9fde2fef09954 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff85fdeebbbd50f7 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3614e403193eca79 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c74b8ba9db38be8 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #827c9cb4e0617749 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b632a984cead9bdb Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a167c3edcc3e5a4 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1af21665d8d07647 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ba23a7e663bc06 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5e25878a19053f4 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f9199bf59d2cbfd Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25569c1dec000d2a Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #396893589b57f4e3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8c61e5ae745ef6f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1f83b61a06e5504 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e30980359a85b82 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #117b99133d52ea57 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfa92309315cb0a0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14aad44ce9994c7d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d4f488dc2c728f8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97d73902b7cde01b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0948a18ba622df24 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #258bbbb983234b18 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0044991bee7a06b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c35a592e50317727 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df780787b489b331 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ad3afcabd7213f8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea5f353b7c3b2ad0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a134734957bcd5d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eba7d7426a3458b4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #710288e5989fd8ff Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17d1ba3ee15869b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b1d63dc1016d4e1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e611bffd6d1c0260 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1da8e3a0ac9cbfc0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #970c0ee5f7fc3885 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c027d8cc7538bf9f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b0a179d5113be6e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #114f8ad3662f3425 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3e890bb48b3d451 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc354e7ac4054abe Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b50a10637aa34388 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e93ff4deafd96a8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94c7d0eb8635e627 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d2560e147964d89 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e63fc38207d8cf8c Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86bd7e2e1e2fdf11 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23bb646cd1e11ac5 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #811eefe0040e873c Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0837008544fabd6 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #790543a54bb0ddf9 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaff9bf4d188b7c1 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b97d04fb1397d039 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09ed626645b17243 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44cab2674cb0b0d Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e03114f2f611814a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae6e5e60aa38991 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3210ec1236c2f1c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #844c06fbf8860ead Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b3caea791338e27 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0243b06dbec7e6df Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d5c091ce60788c7 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33857c0babe54e31 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0339cda8a9a4e02 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9696bc6f3a80ff1 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad70da91ac014f75 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e169976f79a1285 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fec8f2d241ffc572 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f3fc2394274ffaa Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f88688e12c90be Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764c98948148eb41 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d7804cfb47c8c24 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de47180fcf939e51 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b09ff4f4142fefdf Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c259ec6b2776b275 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #690e7f02e7a2b425 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1624136590033b0f Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d46715ba0f53868 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1bbf1693d3a69fe Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49dbc3387335bf7e Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9a7d8f2fe134649 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a220e7ece69f358 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b76b56a59596751a Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b58633a58c2ee17d Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61ce51c91ccd4381 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af6437c08101169e Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #577dea7afe411ea1 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca1b724e7b7a6cd Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb21b37a74e0b975 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e02684cfd2599255 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8884e01afd27be79 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d1645b57a9da955 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f54ad2dc2d5bc68c Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcf7a15834d0d663 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #faefb027c155eeab Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c996694941785720 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ed2575b86ee9a8f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #525b7f3529e676a5 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7e306c516849741 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1be87349c265d54f Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc45ac21f6e80b89 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72920f3e9ebdcd7f Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b37d951851f7d64 Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6db63f88c10bf747 Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4497f1261d674e7d Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3b85430a2e8c32d Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1652e82a700c159a Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #122b07ca3ef44e93 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ffbfb817438491b Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1daa497bf030629 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e1f52e3b719b6a1 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30085214cf4dea43 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da988c065e37376 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b3137a9798472f2 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69c669e4410f3379 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c3bbaa13fb3e722 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d577af060b3faa2 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79a87d4d7cec8fbf Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dc2cec13659ce1e Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ef22ea269e277ff Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b79c167112f1520 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17cf52c9e3a5e1ab Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2589b77147c68570 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9da43f0bb97b9c67 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dba79694669898e1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f82594ce49e723a Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5289ce85ba05564d Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa65af1a26b9c151 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7fbfcce225b3845 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15545b3c4430d946 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #493aed8745a4aee1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eeb260a1bdc1d32a Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1864810a8b5fc14 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77a0722ea80494a0 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57f76faa25019e17 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c80d24c8fa62782 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1c00339b750acf1 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d05f596c1b5d9353 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbd1901bd2007c6b Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #024468d4a0ebbe82 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c674544b9e3effb1 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fd2a2904f76b3ed Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89b9bb634f088911 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2db1a741b605e4a8 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #fc9bb501506e0dcf Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #5e685d80fddfff2c Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc9f38c00f679ac2 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #75b69636c585dac6 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2141b178a8f9619c Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #00bde24ce01e0402 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #754ac9e5b85b963e Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b1066805ff5f698 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68cfd8b338be5502 Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #a40be2077e711df0 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45ad28139f40578d Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3470ac7d13451ef9 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caffd10f91815014 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #16a08ff2cf47121a Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #c553b05d701062d5 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #05b9fde2fef09954 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff85fdeebbbd50f7 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3614e403193eca79 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #2457043ab15b4356 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86802a1702fe6971 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #2156f13e79c7b1e3 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #892b1cb75ebbbaf6 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2fba7ebd6a3735b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bee88bb2fcd7df73 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #4c74b8ba9db38be8 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #827c9cb4e0617749 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b632a984cead9bdb Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #2a167c3edcc3e5a4 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #1af21665d8d07647 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ba23a7e663bc06 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5e25878a19053f4 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f9199bf59d2cbfd Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25569c1dec000d2a Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party
expand_more 35 low-confidence finding(s)
low env_fs test-only #396893589b57f4e3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8c61e5ae745ef6f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1f83b61a06e5504 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e30980359a85b82 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #117b99133d52ea57 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfa92309315cb0a0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14aad44ce9994c7d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d4f488dc2c728f8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97d73902b7cde01b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0948a18ba622df24 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #258bbbb983234b18 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0044991bee7a06b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c35a592e50317727 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df780787b489b331 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ad3afcabd7213f8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea5f353b7c3b2ad0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a134734957bcd5d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eba7d7426a3458b4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #710288e5989fd8ff Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17d1ba3ee15869b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b1d63dc1016d4e1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e611bffd6d1c0260 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1da8e3a0ac9cbfc0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #970c0ee5f7fc3885 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c027d8cc7538bf9f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b0a179d5113be6e Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #114f8ad3662f3425 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3e890bb48b3d451 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc354e7ac4054abe Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b50a10637aa34388 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e93ff4deafd96a8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94c7d0eb8635e627 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d2560e147964d89 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e63fc38207d8cf8c Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86bd7e2e1e2fdf11 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #23bb646cd1e11ac5 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #811eefe0040e873c Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #790543a54bb0ddf9 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaff9bf4d188b7c1 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b97d04fb1397d039 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09ed626645b17243 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44cab2674cb0b0d Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e03114f2f611814a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae6e5e60aa38991 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3210ec1236c2f1c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #844c06fbf8860ead Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #e0837008544fabd6 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #790543a54bb0ddf9 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #aaff9bf4d188b7c1 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b97d04fb1397d039 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #09ed626645b17243 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44cab2674cb0b0d Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #e03114f2f611814a Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae6e5e60aa38991 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3210ec1236c2f1c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #6b3caea791338e27 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0243b06dbec7e6df Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #61ce51c91ccd4381 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af6437c08101169e Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #4d5c091ce60788c7 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #33857c0babe54e31 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0339cda8a9a4e02 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9696bc6f3a80ff1 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad70da91ac014f75 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #7e169976f79a1285 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fec8f2d241ffc572 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f3fc2394274ffaa Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f88688e12c90be Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #764c98948148eb41 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d7804cfb47c8c24 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de47180fcf939e51 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b09ff4f4142fefdf Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #c259ec6b2776b275 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #690e7f02e7a2b425 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1624136590033b0f Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d46715ba0f53868 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b1bbf1693d3a69fe Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #49dbc3387335bf7e Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9a7d8f2fe134649 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #9a220e7ece69f358 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b76b56a59596751a Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b58633a58c2ee17d Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #c996694941785720 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ed2575b86ee9a8f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #525b7f3529e676a5 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7e306c516849741 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #faefb027c155eeab Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs test-only #9ffbfb817438491b Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1daa497bf030629 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e1f52e3b719b6a1 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30085214cf4dea43 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da988c065e37376 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b3137a9798472f2 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69c669e4410f3379 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c3bbaa13fb3e722 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d577af060b3faa2 Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79a87d4d7cec8fbf Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dc2cec13659ce1e Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ef22ea269e277ff Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b79c167112f1520 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17cf52c9e3a5e1ab Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2589b77147c68570 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9da43f0bb97b9c67 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dba79694669898e1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f82594ce49e723a Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5289ce85ba05564d Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa65af1a26b9c151 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7fbfcce225b3845 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15545b3c4430d946 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #493aed8745a4aee1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eeb260a1bdc1d32a Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1864810a8b5fc14 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77a0722ea80494a0 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57f76faa25019e17 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c80d24c8fa62782 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1c00339b750acf1 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d05f596c1b5d9353 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbd1901bd2007c6b Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • first-party (npm): playground/resolve/exports-legacy-fallback/dir prod — scan budget exceeded
  • first-party (npm): playground/forward-console/fixtures/throw-dep prod — scan budget exceeded
  • first-party (npm): playground/worker/dep-to-optimize prod — scan budget exceeded
  • first-party (npm): playground/worker/dep-cjs prod — scan budget exceeded
  • first-party (npm): playground/worker/dep-self-reference-url-worker prod — scan budget exceeded
  • first-party (npm): playground/html/side-effects prod — scan budget exceeded
  • first-party (npm): playground/ssr-webworker/browser-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-webworker/worker-exports prod — scan budget exceeded
  • first-party (npm): playground/optimize-missing-deps/missing-dep prod — scan budget exceeded
  • first-party (npm): playground/optimize-missing-deps/multi-entry-dep prod — scan budget exceeded
  • first-party (npm): playground/preload/dep-including-a prod — scan budget exceeded
  • first-party (npm): playground/preload/dep-a prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-e prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-b prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-d prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-f prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-c prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-a prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/self-referencing prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-e/test-package-e-included prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-e/test-package-e-excluded prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-b/node_modules/test-package-a prod — scan budget exceeded
  • first-party (npm): playground/nested-deps/test-package-d/test-package-d-nested prod — scan budget exceeded
  • first-party (npm): playground/js-sourcemap/dep-optimized-malicious prod — scan budget exceeded
  • first-party (npm): playground/js-sourcemap/dep-class-field-sourcemap-oxc prod — scan budget exceeded
  • first-party (npm): playground/js-sourcemap/dep-class-field-sourcemap-babel prod — scan budget exceeded
  • first-party (npm): playground/js-sourcemap/dep-malicious-sourcemap prod — scan budget exceeded
  • first-party (npm): playground/js-sourcemap/importee-pkg prod — scan budget exceeded
  • first-party (npm): playground/import-attribute/import-attribute-dep prod — scan budget exceeded
  • first-party (npm): playground/preserve-symlinks/module-a prod — scan budget exceeded
  • first-party (npm): playground/minify/dir/module prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/non-optimized-with-nested-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/primitive-export prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-include prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/object-assigned-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/forwarded-export prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/define-property-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/read-file-content prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/no-external-css prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/module-condition prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/import-builtin-cjs prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/pkg-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/define-properties-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-external-cjs prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/css-lib prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/no-external-cjs prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/require-absolute prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/optimized-with-nested-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/linked-no-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/optimized-cjs-with-nested-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/external-entry prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-exclude prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/external-using-external-entry prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/ts-transpiled-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/only-object-assigned-exports prod — scan budget exceeded
  • first-party (npm): playground/dynamic-import/pkg prod — scan budget exceeded
  • first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/native-import prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
  • first-party (npm): docs prod — scan budget exceeded
  • lightningcss prod — scan budget exceeded
  • picomatch prod — scan budget exceeded
  • postcss prod — scan budget exceeded
  • tinyglobby prod — scan budget exceeded
  • @babel/core prod — scan budget exceeded
  • @babel/plugin-transform-dynamic-import prod — scan budget exceeded
  • @babel/plugin-transform-modules-systemjs prod — scan budget exceeded
  • @babel/preset-env prod — scan budget exceeded
  • babel-plugin-polyfill-corejs3 prod — scan budget exceeded
  • babel-plugin-polyfill-regenerator prod — scan budget exceeded
  • browserslist prod — scan budget exceeded
  • browserslist-to-esbuild prod — scan budget exceeded
  • core-js prod — scan budget exceeded
  • regenerator-runtime prod — scan budget exceeded
  • systemjs prod — scan budget exceeded
  • @tailwindcss/vite prod — scan budget exceeded
  • tailwindcss prod — scan budget exceeded
  • @vitejs/test-dep-no-discovery prod — scan budget exceeded
  • vue prod — scan budget exceeded
  • vuex prod — scan budget exceeded
  • clipboard prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
  • @vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
  • @vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
  • @vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-css-require prod — scan budget exceeded
  • @vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
  • @vitejs/test-dep-incompatible prod — scan budget exceeded
  • @vitejs/test-dep-linked prod — scan budget exceeded
  • @vitejs/test-dep-linked-include prod — scan budget exceeded
  • @vitejs/test-dep-node-env prod — scan budget exceeded
  • @vitejs/test-dep-not-js prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-relative-to-main prod — scan budget exceeded
  • @vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
  • @vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
  • @vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
  • @vitejs/test-dep-non-optimized prod — scan budget exceeded
  • @vitejs/test-added-in-entries prod — scan budget exceeded
  • @vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
  • @vitejs/test-dep-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-lodash prod — scan budget exceeded
  • @vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
  • @vitejs/test-dep-lodash-es prod — scan budget exceeded
  • @vitejs/test-nested-exclude prod — scan budget exceeded
  • phoenix prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • @vitejs/test-resolve-linked prod — scan budget exceeded
  • @vitejs/test-alias-original prod — scan budget exceeded
  • aliased-module prod — scan budget exceeded
  • @vue/shared prod — scan budget exceeded
  • @vitejs/test-dep-that-imports prod — scan budget exceeded
  • @vitejs/test-dep-that-requires prod — scan budget exceeded
  • @vitejs/test-commonjs-dep prod — scan budget exceeded
  • @vitejs/test-deep-import prod — scan budget exceeded
  • @vitejs/test-entries prod — scan budget exceeded
  • @vitejs/test-module-sync prod — scan budget exceeded
  • @vitejs/test-resolve-pkg-exports prod — scan budget exceeded
  • @tailwindcss/postcss prod — scan budget exceeded
  • @vitejs/test-external-cjs prod — scan budget exceeded
  • @vitejs/test-require-external-cjs prod — scan budget exceeded
  • @vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-external prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
  • autoprefixer prod — scan budget exceeded
  • @babel/runtime prod — scan budget exceeded
  • normalize.css prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field prod — scan budget exceeded
  • @vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded
  • @vitejs/test-resolve-custom-condition prod — scan budget exceeded
  • @vitejs/test-resolve-custom-main-field prod — scan budget exceeded
  • @vitejs/test-resolve-custom-browser-main-field prod — scan budget exceeded
  • @vitejs/test-resolve-exports-and-nested-scope prod — scan budget exceeded
  • @vitejs/test-resolve-exports-env prod — scan budget exceeded
  • @vitejs/test-resolve-exports-from-root prod — scan budget exceeded
  • @vitejs/test-resolve-exports-legacy-fallback prod — scan budget exceeded
  • @vitejs/test-resolve-exports-path prod — scan budget exceeded
  • @vitejs/test-resolve-exports-with-module prod — scan budget exceeded
  • @vitejs/test-resolve-exports-with-module-condition prod — scan budget exceeded
  • @vitejs/test-resolve-exports-with-module-condition-required prod — scan budget exceeded
  • @vitejs/test-resolve-imports-pkg prod — scan budget exceeded
  • @vitejs/test-resolve-sharp-dir prod — scan budget exceeded
  • @vitejs/test-resolve-sharp-dir-nested prod — scan budget exceeded
  • @vitejs/test-resolve-side-effects-glob prod — scan budget exceeded
  • @vitejs/test-utf8-bom-package prod — scan budget exceeded
  • @vitejs/test-forward-console-throw-dep prod — scan budget exceeded
  • @vitejs/test-dep-self-reference-url-worker prod — scan budget exceeded
  • @vitejs/test-dep-to-optimize prod — scan budget exceeded
  • @vitejs/test-worker-dep-cjs prod — scan budget exceeded
  • @vitejs/test-browser-exports prod — scan budget exceeded
  • @vitejs/test-worker-exports prod — scan budget exceeded
  • @vitejs/test-missing-dep prod — scan budget exceeded
  • @vitejs/test-package-a prod — scan budget exceeded
  • @vitejs/test-package-b prod — scan budget exceeded
  • @vitejs/test-package-c prod — scan budget exceeded
  • @vitejs/test-package-d prod — scan budget exceeded
  • @vitejs/test-package-e prod — scan budget exceeded
  • @vitejs/test-package-f prod — scan budget exceeded
  • @vitejs/self-referencing prod — scan budget exceeded
  • @vitejs/test-dep-malicious-sourcemap prod — scan budget exceeded
  • @vitejs/test-dep-optimized-malicious prod — scan budget exceeded
  • @vitejs/test-importee-pkg prod — scan budget exceeded
  • oxc-parser prod — scan budget exceeded
  • @vitejs/test-import-attribute-dep prod — scan budget exceeded
  • @vitejs/test-module-a prod — scan budget exceeded
  • minified-module prod — scan budget exceeded
  • @node-rs/bcrypt prod — scan budget exceeded
  • @vitejs/test-css-lib prod — scan budget exceeded
  • @vitejs/test-define-properties-exports prod — scan budget exceeded
  • @vitejs/test-define-property-exports prod — scan budget exceeded
  • @vitejs/test-external-entry prod — scan budget exceeded
  • @vitejs/test-external-using-external-entry prod — scan budget exceeded
  • @vitejs/test-forwarded-export prod — scan budget exceeded
  • @vitejs/test-import-builtin-cjs prod — scan budget exceeded
  • @vitejs/test-linked-no-external prod — scan budget exceeded
  • @vitejs/test-module-condition prod — scan budget exceeded
  • @vitejs/test-no-external-cjs prod — scan budget exceeded
  • @vitejs/test-no-external-css prod — scan budget exceeded
  • @vitejs/test-non-optimized-with-nested-external prod — scan budget exceeded
  • @vitejs/test-object-assigned-exports prod — scan budget exceeded
  • @vitejs/test-only-object-assigned-exports prod — scan budget exceeded
  • @vitejs/test-optimized-cjs-with-nested-external prod — scan budget exceeded
  • @vitejs/test-optimized-with-nested-external prod — scan budget exceeded
  • @vitejs/test-pkg-exports prod — scan budget exceeded
  • @vitejs/test-primitive-export prod — scan budget exceeded
  • @vitejs/test-read-file-content prod — scan budget exceeded
  • @vitejs/test-require-absolute prod — scan budget exceeded
  • @vitejs/test-ts-transpiled-exports prod — scan budget exceeded
  • @vitejs/test-pkg prod — scan budget exceeded
  • @vitejs/test-dep-esm-external prod — scan budget exceeded
  • stream prod — scan budget exceeded
  • @vitejs/test-nested-include prod — scan budget exceeded
  • @vitejs/test-css-proxy-dep-nested prod — scan budget exceeded
  • @vitejs/test-scss-proxy-dep-nested prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field-bare-import-fail prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field-bare-import-success prod — scan budget exceeded
  • @vitejs/test-multi-entry-dep prod — scan budget exceeded
  • @vitejs/test-package-e-excluded prod — scan budget exceeded
  • @vitejs/test-package-e-included prod — scan budget exceeded
  • @vitejs/test-package-d-nested prod — scan budget exceeded
  • nested-external prod — scan budget exceeded
  • nested-external-cjs prod — scan budget exceeded
  • object-assigned-exports prod — scan budget exceeded
  • external-entry prod — scan budget exceeded
  • @vitejs/parent prod — scan budget exceeded
  • @vitejs/cjs-ssr-dep prod — scan budget exceeded
  • @vitejs/test-dep-conditions prod — scan budget exceeded
  • @vitejs/test-dep-license-mit prod — scan budget exceeded
  • @vitejs/test-dep-licence-cc0 prod — scan budget exceeded
  • @vitejs/test-dep-nested-license-isc prod — scan budget exceeded
  • @vite/test-config-plugin-module-condition prod — scan budget exceeded
  • @vitejs/child prod — scan budget exceeded
  • @vitejs/cjs-external prod — scan budget exceeded
  • @vitejs/esm-external prod — scan budget exceeded
  • test-dep-invalid-exports prod — scan budget exceeded
  • tinyspy prod — scan budget exceeded
  • birpc prod — scan budget exceeded