Open Privacy Scan

Snapshot: commit aa06bb5
engine v2
2026-07-01T06:06:51.619833+00:00

No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

100/100
Low privacy risk

Low risk · 24 finding(s)

Dependency score: 97 (Low risk)

Score Breakdown

No category deductions recorded.

Scan Summary

0 high · 0 medium · 24 low
First-party packages: 0
Dependency packages: 3
Ecosystem: npm

Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> Dependencies

ava

npm dependency
9 low-confidence finding(s)
low env_fs dependency Excluded from app score #56c2b2b02488cda8 Environment-variable access.
pkgs/npm/[email protected]/lib/cli.js:297
		if (debug !== null && !process.env.TEST_AVA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770ca59c961896d4 Environment-variable access.
pkgs/npm/[email protected]/lib/cli.js:454
	if (process.env.TEST_AVA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cf68111153cf1fa Environment-variable access.
pkgs/npm/[email protected]/lib/cli.js:496
		if (process.env.TEST_AVA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b850f16f6ebc4fb1 Filesystem access.
pkgs/npm/[email protected]/lib/code-excerpt.js:21
		contents = fs.readFileSync(new URL(file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f634f4fdee9e75ac Environment-variable access.
pkgs/npm/[email protected]/lib/load-config.js:44
const gitScmFile = process.env.AVA_FAKE_SCM_ROOT ?? '.git';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #446e50fe9bef2c29 Filesystem access.
pkgs/npm/[email protected]/lib/scheduler.js:43
			failedTestFiles = JSON.parse(fs.readFileSync(filePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fb1c09bdd5c39f2 Filesystem access.
pkgs/npm/[email protected]/lib/snapshot-manager.js:80
		return fs.readFileSync(file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #024c07dcc6722471 Environment-variable access.
pkgs/npm/[email protected]/lib/watcher.js:20
const takeCoverageForSelfTests = process.env.TEST_AVA ? v8.takeCoverage : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a63eb0ec880081de Filesystem access.
pkgs/npm/[email protected]/lib/worker/line-numbers.js:10
	const ast = acorn.parse(fs.readFileSync(file, 'utf8'), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

c8

npm dependency
11 low-confidence finding(s)
low env_fs dependency Excluded from app score #96b28054a1f5af95 Environment-variable access.
pkgs/npm/[email protected]/bin/c8.js:27
    process.env.NODE_V8_COVERAGE = argv.tempDirectory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5157e79c6f7d98 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:40
    monocartArgv: (argv.experimentalMonocart || process.env.EXPERIMENTAL_MONOCART) ? argv : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5223adfe15ae261c Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d197a5d5feb6afc Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:18
        const config = JSON.parse(readFileSync(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a347477da9c259f0 Environment-variable access.
pkgs/npm/[email protected]/lib/parse-args.js:129
      default: process.env.NODE_V8_COVERAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b682ee71169eed5 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:9
  ;({ readFile } = require('fs').promises)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb1f5c2bad4ddf01 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af4c5e442741743d Filesystem access.
pkgs/npm/[email protected]/lib/report.js:452
        reports.push(JSON.parse(readFileSync(
          resolve(this.tempDirectory, file),
          'utf8'
        )))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64d9785c34585e64 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd6fb61aa1a59ae6 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:40
  const fileBody = readFileSync(filename).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef943f5c5767cf01 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:71
    const content = readFileSync(fileURLToPath(mapURL), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

execa

npm dependency
4 low-confidence finding(s)
low env_fs dependency Excluded from app score #aa68cb1474683729 Filesystem access.
pkgs/npm/[email protected]/lib/io/output-sync.js:132
			writeFileSync(path, serializedResult);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c518ff00704995a Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:41
		fileUrl: ({value}) => ({contents: [bufferToUint8Array(readFileSync(value))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26c9bbb5980f48d5 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:42
		filePath: ({value: {file}}) => ({contents: [bufferToUint8Array(readFileSync(file))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc748ef353a955c1 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/native.js:59
	return {type: 'uint8Array', value: bufferToUint8Array(readFileSync(targetFdNumber)), optionName};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

  • tsd dev — dist-only: no readable source
  • xo dev — dist-only: no readable source