Close Open Privacy Scan

bolt Snapshot: commit 18aba13
science engine v1
schedule 2026-06-26T07:06:19.309472+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

App Privacy Score

97 /100
Low privacy risk

Low risk · 394 finding(s)

Dependency score: 67 (Medium risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

1 high 0 medium 393 low
First-party packages: 1
Dependency packages: 17
Ecosystem: npm

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (1)
high coveralls dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 pkgs/npm/[email protected]/lib/sendToCoveralls.js:19

</> First-Party Code

first-party (npm)

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #2f4e2d2f54f3f8ec Filesystem access.
repo/scripts/locales.js:1
var fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f4e2d2f54f3f8ec Filesystem access.
repo/scripts/locales.js:1
var fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0307512f2c1cbb4e Filesystem access.
repo/scripts/locales.js:20
        var content = fs.readFileSync(path.join(localeDir, locale), {encoding: 'utf-8'}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bad244326f38eaa4 Environment-variable access.
repo/tasks/check_sauce_creds.js:6
        if (process.env.SAUCE_USERNAME === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f093ed869b48dc4 Environment-variable access.
repo/tasks/nuget.js:26
        grunt.option('key', process.env.NUGET_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

coveralls

npm dependency
high pii_flow dependency Excluded from app score #640b3c72631c5d4d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:19 · flow /tmp/closeopen-o_6gb2_w/pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 → /tmp/closeopen-o_6gb2_w/pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
    request.post({
      url,
      form: {
        json: str
      }
    }, (err, response, body) => {
      cb(err, response, body);
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 114 low-confidence finding(s)
low env_fs dependency Excluded from app score #5505064d18decf2c Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5505064d18decf2c Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb74d2754e7ba28e Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:33
  const source = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f3964c4a29afe3 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f3964c4a29afe3 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ef11511d632519 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:26
  const head = fs.readFileSync(path.join(dir, '.git', 'HEAD'), 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d45d66471884e70 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:43
    return fs.readFileSync(ref, 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb20654d1d2bf525 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:49
  const packedRefsText = fs.readFileSync(packedRefs, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db0f48b688aa421 Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db0f48b688aa421 Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e677ab216d1bf1d1 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:13
  let git_commit = process.env.COVERALLS_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d09502d2f1dd1de7 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:14
  let git_branch = process.env.COVERALLS_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #702ae40306c90052 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:19
  const match = (process.env.CI_PULL_REQUEST || '').match(/(\d+)$/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4455ea40bfaca250 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:25
  if (process.env.TRAVIS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91a6acc2fe4379ad Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:27
    options.service_number = process.env.TRAVIS_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cbbb4e2b84c67f4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:28
    options.service_job_id = process.env.TRAVIS_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b02ea24a15bf0784 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:29
    options.service_pull_request = process.env.TRAVIS_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b0492124b75046f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:31
    git_branch = process.env.TRAVIS_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #276156e1acb8cf83 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:34
  if (process.env.DRONE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4805c0d8ebbe1efd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:36
    options.service_job_id = process.env.DRONE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34c986613a3f8711 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:37
    options.service_pull_request = process.env.DRONE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1735cee3ae7be88 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:38
    git_committer_name = process.env.DRONE_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e93249643cdbb3e3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:39
    git_committer_email = process.env.DRONE_COMMIT_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdf20853492778b7 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:40
    git_commit = process.env.DRONE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feee111f67d598a6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:41
    git_branch = process.env.DRONE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b4cc55ce1c6c8da Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:42
    git_message = process.env.DRONE_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ae23b472ad02b5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:45
  if (process.env.JENKINS_URL || process.env.JENKINS_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ae23b472ad02b5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:45
  if (process.env.JENKINS_URL || process.env.JENKINS_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2686e314bdf643e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:47
    options.service_job_id = process.env.BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a54ce5ee630122f4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:48
    options.service_pull_request = process.env.CHANGE_ID || process.env.ghprbPullId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a54ce5ee630122f4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:48
    options.service_pull_request = process.env.CHANGE_ID || process.env.ghprbPullId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09545a65efb158da Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:49
    git_committer_name = process.env.CHANGE_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7912d74e7cab3fd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:50
    git_committer_email = process.env.CHANGE_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c3de492d0293b5a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:51
    git_commit = process.env.GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4a6674394baec75 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4a6674394baec75 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4a6674394baec75 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4039b717035dd54f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:55
  if (process.env.CIRCLECI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e14e3b6f3b15f57c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:57
    options.service_number = process.env.CIRCLE_WORKFLOW_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d7dd2056ed503b0 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:58
    options.service_job_number = process.env.CIRCLE_BUILD_NUM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f56d97cd8ceda49 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:60
    if (process.env.CI_PULL_REQUEST) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fadb58e06fb73f5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:61
      const pr = process.env.CI_PULL_REQUEST.split('/pull/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac5f68811e8c9a6a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:65
    git_commit = process.env.CIRCLE_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #232a2c48c7aa6b18 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:66
    git_branch = process.env.CIRCLE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d48ba158fae3df55 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:69
  if (process.env.CI_NAME && process.env.CI_NAME === 'codeship') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d48ba158fae3df55 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:69
  if (process.env.CI_NAME && process.env.CI_NAME === 'codeship') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc2e83447f9eb7e5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:71
    options.service_job_id = process.env.CI_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0731025e698e20ae Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:72
    git_commit = process.env.CI_COMMIT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4899d9c786beb248 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:73
    git_branch = process.env.CI_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfa7f4cc86b22832 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:74
    git_committer_name = process.env.CI_COMMITTER_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85a7fc7c777e5af3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:75
    git_committer_email = process.env.CI_COMMITTER_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e02dc76f9a11539 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:76
    git_message = process.env.CI_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f68f46fe0ba3c4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:79
  if (process.env.WERCKER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b69486e7d9f31ec2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:81
    options.service_job_id = process.env.WERCKER_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbd72c580ea42e03 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:82
    git_commit = process.env.WERCKER_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1806a321e04287da Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:83
    git_branch = process.env.WERCKER_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e951c6b8871e90d1 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:86
  if (process.env.GITLAB_CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0f9c2efaeb84a27 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:88
    options.service_job_number = process.env.CI_BUILD_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2acdc1389720a3f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:89
    options.service_job_id = process.env.CI_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee86e88110304f0e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:90
    options.service_pull_request = process.env.CI_MERGE_REQUEST_IID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74ad0a26a7509c81 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:91
    git_commit = process.env.CI_BUILD_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f952eda7715362 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:92
    git_branch = process.env.CI_BUILD_REF_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53aef96f323fdd19 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:95
  if (process.env.APPVEYOR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79dda83186b3b1e7 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:97
    options.service_job_number = process.env.APPVEYOR_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf0cefdfaf46ad19 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:98
    options.service_job_id = process.env.APPVEYOR_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f52b2a33627e70fa Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:99
    git_commit = process.env.APPVEYOR_REPO_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2062c5b59ad3a620 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:100
    git_branch = process.env.APPVEYOR_REPO_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980df2739b32ba81 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:103
  if (process.env.SURF_SHA1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4021132d439d87b5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:105
    git_commit = process.env.SURF_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b0ceae2851f7b64 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:106
    git_branch = process.env.SURF_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6cf7078e493b9a0 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:109
  if (process.env.BUILDKITE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fab62b505954dc5d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:111
    options.service_job_number = process.env.BUILDKITE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a135ef0492458100 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:112
    options.service_job_id = process.env.BUILDKITE_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c92e0a452de625c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:113
    options.service_pull_request = process.env.BUILDKITE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c689006fed3ad4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:114
    git_commit = process.env.BUILDKITE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2d7b085f55c6adb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:115
    git_branch = process.env.BUILDKITE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb6dd0dc4125b33c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:116
    git_committer_name = process.env.BUILDKITE_BUILD_CREATOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92cdcf1cb988fa45 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:117
    git_committer_email = process.env.BUILDKITE_BUILD_CREATOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2935cdd8ec21e78b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:118
    git_message = process.env.BUILDKITE_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2a9a1d9e8f2d5c8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:121
  if (process.env.SEMAPHORE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7227b929271d43ac Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:123
    options.service_job_id = process.env.SEMAPHORE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e18f9eee1e64b1ce Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:124
    git_commit = process.env.REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #685a380471a57fc8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:125
    git_branch = process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76907aad8793f7dd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:128
  if (process.env.TF_BUILD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a939767287baa65 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:130
    options.service_job_id = process.env.BUILD_BUILDID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f541e18cc86f3328 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:131
    options.service_pull_request = process.env.SYSTEM_PULLREQUEST_PULLREQUESTNUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #838e0374c2566f87 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:132
    git_commit = process.env.BUILD_SOURCEVERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6996806f85e4fb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:133
    git_branch = process.env.BUILD_SOURCEBRANCHNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0ec07d4c40e43d6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:136
  if (process.env.CF_BRANCH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #969a25b4281f8311 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:138
    options.service_job_id = process.env.CF_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3862ba52a42e0fd2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:139
    options.service_pull_request = process.env.CF_PULL_REQUEST_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ed180ae722fc163 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:140
    git_commit = process.env.CF_REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1261e5b143edf1c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:141
    git_branch = process.env.CF_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a8550095755dc3c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:142
    git_committer_name = process.env.CF_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #584e1b670cf07499 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:143
    git_message = process.env.CF_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d392109d6674f6d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:146
  options.run_at = process.env.COVERALLS_RUN_AT || JSON.stringify(new Date()).slice(1, -1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89589908f5f60749 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:148
  if (process.env.COVERALLS_SERVICE_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43a92a15103d9f44 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:149
    options.service_number = process.env.COVERALLS_SERVICE_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #790038052cc9e3fc Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:152
  if (process.env.COVERALLS_SERVICE_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43cb15329b33c94a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:153
    options.service_job_number = process.env.COVERALLS_SERVICE_JOB_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf54899cc24b6c61 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:156
  if (process.env.COVERALLS_SERVICE_JOB_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72093823eac748bb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:157
    options.service_job_id = process.env.COVERALLS_SERVICE_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99721b220c8b08b0 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:168
  if (process.env.COVERALLS_PARALLEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #129e0cc1e102d14d Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:177
        return yaml.safeLoad(fs.readFileSync(yml, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fec18c5525d9142 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:196
  if (process.env.COVERALLS_REPO_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb89d402cd3d776b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:197
    options.repo_token = process.env.COVERALLS_REPO_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a961ef62fbe3125 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:206
  if (process.env.COVERALLS_SERVICE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f60a4c2c7e996f5a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:207
    options.service_name = process.env.COVERALLS_SERVICE_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8c4b0fc12881465 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:210
  if (process.env.COVERALLS_FLAG_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78fe89e95802cdd6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:211
    options.flag_name = process.env.COVERALLS_FLAG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67de8fa290d29057 Environment-variable access.
pkgs/npm/[email protected]/lib/logger.js:9
  if (index.options.verbose || process.env.NODE_COVERALLS_DEBUG === 1 || process.env.NODE_COVERALLS_DEBUG === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67de8fa290d29057 Environment-variable access.
pkgs/npm/[email protected]/lib/logger.js:9
  if (index.options.verbose || process.env.NODE_COVERALLS_DEBUG === 1 || process.env.NODE_COVERALLS_DEBUG === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dd704ffd01507f9 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:8
  if (process.env.COVERALLS_ENDPOINT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de5fedcd732ad341 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9
    urlBase = process.env.COVERALLS_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #adcc6845c161787b Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45952327e1ecc7da Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:133
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbbafa6d44d1d368 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78415a1ccc8c8128 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881a6041bea3b62a Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c618f7cb38aab42 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:825
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #719def8f726f51cc Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #019f86877f5323dd Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf401280eb062ce Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50f9f2e38ecc2abd Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32a3a6b09598ab20 Filesystem access.
pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d530792a3f10ea9a Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:217
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e5f9500583fa740 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:240
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grunt

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #a1aeffeba42ceab7 Filesystem access.
pkgs/npm/[email protected]/lib/grunt/file.js:6
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1aeffeba42ceab7 Filesystem access.
pkgs/npm/[email protected]/lib/grunt/file.js:6
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8d7c6fb52cfcc7 Filesystem access.
pkgs/npm/[email protected]/lib/grunt/file.js:212
    contents = fs.readFileSync(String(filepath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c61b110c8ae821d9 Filesystem access.
pkgs/npm/[email protected]/lib/grunt/file.js:280
      fs.writeFileSync(filepath, contents, 'mode' in options ? {mode: options.mode} : {});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62036912e40ea0d Environment-variable access.
pkgs/npm/[email protected]/lib/grunt/template.js:14
  if (process.env.SOURCE_DATE_EPOCH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1f2c7981c5b31a8 Environment-variable access.
pkgs/npm/[email protected]/lib/grunt/template.js:15
    now = new Date((process.env.SOURCE_DATE_EPOCH * 1000) + (now.getTimezoneOffset() * 60000));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grunt-benchmark

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #bbeb61b952b3be44 Filesystem access.
pkgs/npm/[email protected]/tasks/lib/benchmark.js:15
  var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbeb61b952b3be44 Filesystem access.
pkgs/npm/[email protected]/tasks/lib/benchmark.js:15
  var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1fa378547e07ca0 Filesystem access.
pkgs/npm/[email protected]/tasks/lib/writers/csvWriter.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1fa378547e07ca0 Filesystem access.
pkgs/npm/[email protected]/tasks/lib/writers/csvWriter.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grunt-cli

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #b16f2f6118291bc9 Filesystem access.
pkgs/npm/[email protected]/lib/completion.js:13
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b16f2f6118291bc9 Filesystem access.
pkgs/npm/[email protected]/lib/completion.js:13
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc42035be2d81ed Filesystem access.
pkgs/npm/[email protected]/lib/completion.js:22
    output = String(fs.readFileSync(filepath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grunt-contrib-copy

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #cb7a097bac2d829f Filesystem access.
pkgs/npm/[email protected]/tasks/copy.js:14
  var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb7a097bac2d829f Filesystem access.
pkgs/npm/[email protected]/tasks/copy.js:14
  var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grunt-env

npm dependency
expand_more 58 low-confidence finding(s)
low env_fs dependency Excluded from app score #0ba415b4a79ef55b Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:4
  process.env.TEST = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87f1be5dab87ada1 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:64
          return process.env.DATA_FROM_FUNCTION || '123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffc7f2affa732be6 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:81
    assert.equal(process.env.globalOption, 'foo', 'globalOption should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c8e51da26196bae Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:82
    assert.equal(process.env.data, 'bar', 'data should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a75003e9d2e8c25 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:83
    delete process.env.globalOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39fe7e838576e280 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:84
    delete process.env.data;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bdd922719404567 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:88
    assert.equal(process.env.globalOption, 'foo', 'globalOption should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ce3ebb05fafa073 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:89
    assert.equal(process.env.localOption, 'baz', 'localOption should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01eeea34bc174030 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:90
    delete process.env.globalOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b70e523829478562 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:91
    delete process.env.localOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b360f66fde4390ee Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:95
    assert.equal(process.env.DATA_FROM_FUNCTION, '123', 'should set from function');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79818e86d83c9a4a Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:96
    assert.equal(process.env.A_STRING, 'string', 'should set from string');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8389153043207fd5 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:97
    delete process.env.DATA_FROM_FUNCTION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaed21fb0d6a2e48 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:98
    delete process.env.A_STRING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #140289ea02b4a86d Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:102
    assert.equal(process.env.ADD_NEGATIVE, 'should not change', 'add should not change existing env var');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f732114ea4a6ff9 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:103
    assert.equal(process.env.ADD_POSITIVE, 'should be this', 'add should create new var if it does not exist');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb2d3647fc10d825 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:104
    assert.equal(process.env.PATHLIKE, 'foo:bar:baz:qux', 'extend should take delimiters into account');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29e43ad0428210a8 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:105
    assert.equal(process.env.UNSHIFTBASIC, 'foobar', 'should extend without specifying object');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5ec02e285802df5 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:106
    assert.equal(process.env.UNSHIFTOBJECT, 'foobar', 'should extend while specifying object');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9964250383421927 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:107
    assert.equal(process.env.REPLACE, 'bar', 'replace should replace existing var');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29eaeb24d5a97089 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:108
    delete process.env.ADD_NEGATIVE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac1cf39a57dc264f Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:109
    delete process.env.ADD_POSITIVE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47da94bc2d1b77ef Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:110
    delete process.env.PATHLIKE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb15048ad3845f2 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:111
    delete process.env.UNSHIFTBASIC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f3304492f73dbf3 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:112
    delete process.env.UNSHIFTOBJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ae95a333ec5dec Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:113
    delete process.env.REPLACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a782112cab15c061 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:114
    delete process.env.globalOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66aa3132f324cc20 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:131
    assert(!process.env.src, 'Should not include src');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04daa4321d7eebaf Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:132
    assert.equal(process.env.jsonValue, 'foo', 'value from json env file should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6c7dee443f35595 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:133
    assert.equal(process.env.PATHLIKE, 'jsonPath', 'should process directives in json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f0badc58b3583f8 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:134
    assert.equal(process.env.globalOption, 'foo', 'should still get global options');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e300daf5d4d7dd8 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:135
    assert.equal(process.env.dotEnvFileData, 'bar', 'dotEnvFileData should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e0aa3788c9f18e6 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:136
    assert.equal(process.env.dotEnvFileOption, 'baz', 'dotEnvFileOption should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546ac5766c5a41ea Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:137
    assert.equal(process.env.dotEnvIniFileData, 'bar.ini', 'dotEnvIniFileData should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44bf1f7725acfc6f Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:138
    assert.equal(process.env.dotEnvIniFileOption, 'baz.ini', 'ndotEnvIniFileOption should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12258a3d06707396 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:139
    assert.equal(process.env.yamlValue, 'foo', 'yamlValue should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ff3ee1f073a8aee Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:140
    delete process.env.jsonValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13adf183ff6b9b6f Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:141
    delete process.env.dotEnvFileData;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7020f04fd44b3272 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:142
    delete process.env.dotEnvFileOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2942fbafc9459354 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:143
    delete process.env.PATHLIKE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5499bd87c9fb5d15 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:144
    delete process.env.globalOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #101c454b0ddf9dd5 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:145
    delete process.env.dotEnvIniFileData;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5e92dd6409f5394 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:146
    delete process.env.dotEnvIniFileOption;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #688e73cdfcc3c1b3 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:147
    delete process.env.yamlValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723255ffdff91c70 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:158
    assert(!process.env.envdir, 'Should not include src');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #764f3c43cc7fe87a Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:159
    assert.equal(process.env.ENVDIR, 'envdir', 'value from envdir file should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21c0ecf36ff329a7 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:160
    assert.equal(process.env.BAZ, 'baz', 'value from envdir file should be set');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a677643cb1935794 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:161
    assert(!process.env.FOO, 'Should not include subdirectories');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #232cda4f7d8f5811 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:162
    delete process.env.ENVDIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c0ba79ca38db10 Environment-variable access.
pkgs/npm/[email protected]/Gruntfile.js:163
    delete process.env.BAR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e5def6f0effe6a Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:76
    if (process.env[key]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be16aa53db54348b Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:86
    if (!process.env[key]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e00459411e6da0c Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:89
    process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #160011a8a45b5487 Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:93
    process.env[key] = process.env[key] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #160011a8a45b5487 Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:93
    process.env[key] = process.env[key] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc402621620b9967 Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:101
      process.env[key] = value + delimiter + process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc402621620b9967 Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:101
      process.env[key] = value + delimiter + process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #673e64ce80986b5a Environment-variable access.
pkgs/npm/[email protected]/tasks/env.js:103
      process.env[key] += delimiter + value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grunt-karma

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6cd84a24b69797a8 Environment-variable access.
pkgs/npm/[email protected]/gruntfile.js:5
  if (process.env.TRAVIS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f229687ae0334cb5 Environment-variable access.
pkgs/npm/[email protected]/gruntfile.js:53
            token: process.env.GH_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #fc036b3db64031a5 Environment-variable access.
pkgs/npm/[email protected]/lib/completion.js:88
      count: parseInt(process.env.COMP_CWORD, 10),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b87c03a02cb5f5a1 Filesystem access.
pkgs/npm/[email protected]/lib/completion.js:98
  fs.readFile(path.resolve(__dirname, '../scripts/karma-completion.sh'), 'utf8', function (err, data) {
    if (err) return console.error(err)

    process.stdout.write(data)
    process.stdout.on('error', function (error) {
      // Darwin is a real dick sometimes.
      //
      // This is necessary because the "source" or "." program in
      // bash on OS X closes its file argument before reading
      // from it, meaning that you get exactly 1 write, which will
      // work most of the time, and will always raise an EPIPE.
      //
      // Really, one should not be tossing away EPIPE errors, or any
      // errors, so casually.  But, without this, `. <(karma completion)`
      // can never ever work on OS X.
      if (error.errno === 'EPIPE') {
        error = null
      }
    })
  })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f61052c113ead9f2 Filesystem access.
pkgs/npm/[email protected]/lib/constants.js:6
const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '/../package.json')).toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e04cc5b9d6301a4f Environment-variable access.
pkgs/npm/[email protected]/lib/constants.js:10
exports.DEFAULT_PORT = process.env.PORT || 9876

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e40d5fe86ab8d6c3 Environment-variable access.
pkgs/npm/[email protected]/lib/constants.js:11
exports.DEFAULT_HOSTNAME = process.env.IP || 'localhost'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a3437dcca0c9646 Environment-variable access.
pkgs/npm/[email protected]/lib/constants.js:12
exports.DEFAULT_LISTEN_ADDR = process.env.LISTEN_ADDR || '0.0.0.0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6f2c7ed164bfe7 Filesystem access.
pkgs/npm/[email protected]/lib/detached.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6f2c7ed164bfe7 Filesystem access.
pkgs/npm/[email protected]/lib/detached.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31562f44f7584328 Filesystem access.
pkgs/npm/[email protected]/lib/detached.js:7
const fileContents = fs.readFileSync(configurationFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5518c9b88d34eaf4 Filesystem access.
pkgs/npm/[email protected]/lib/init/formatters.js:48
    return FileUtils
      .readFile(this.TEMPLATE_FILE_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #606736ae9e18f6ce Filesystem access.
pkgs/npm/[email protected]/lib/middleware/common.js:66
    return fs.readFile(filepath, function (error, data) {
      if (error) {
        return serve404(response, filepath)
      }

      if (!doNotCache) {
        cache[filepath] = data.toString()
      }

      log.debug('serving: ' + filepath)
      response.setHeader('Content-Type', mime.getType(filepath, 'text/plain'))
      responseData = (transform && transform(data.toString())) || data
      response.writeHead(rangeHeader ? convertForRangeRequest() : 200)

      return response.end(responseData)
    })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569c0bcc00a214e6 Filesystem access.
pkgs/npm/[email protected]/lib/server.js:8
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569c0bcc00a214e6 Filesystem access.
pkgs/npm/[email protected]/lib/server.js:8
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63191f44f1835700 Filesystem access.
pkgs/npm/[email protected]/lib/server.js:417
      fs.writeFileSync(tmpFile.name, JSON.stringify(config), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36769ec62810b35d Filesystem access.
pkgs/npm/[email protected]/lib/utils/file-utils.js:7
    return fs.readFileSync(path).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9b8788dcd6f0ea Filesystem access.
pkgs/npm/[email protected]/lib/utils/file-utils.js:11
    fs.writeFileSync(path, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed11f441f7bd5a68 Filesystem access.
pkgs/npm/[email protected]/lib/utils/file-utils.js:15
    FileUtils.saveFile(dest, FileUtils.readFile(src))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5aad6e729b4563ea Filesystem access.
pkgs/npm/[email protected]/scripts/client.js:3
const { createWriteStream } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5aad6e729b4563ea Filesystem access.
pkgs/npm/[email protected]/scripts/client.js:3
const { createWriteStream } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6375394194eb4f42 Filesystem access.
pkgs/npm/[email protected]/scripts/client.js:4
const { readFile } = require('fs').promises

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma-chrome-launcher

npm dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #29dd94bbee930081 Filesystem access.
pkgs/npm/[email protected]/index.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29dd94bbee930081 Filesystem access.
pkgs/npm/[email protected]/index.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6244a7837fff4650 Environment-variable access.
pkgs/npm/[email protected]/index.js:62
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6244a7837fff4650 Environment-variable access.
pkgs/npm/[email protected]/index.js:62
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6244a7837fff4650 Environment-variable access.
pkgs/npm/[email protected]/index.js:62
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6244a7837fff4650 Environment-variable access.
pkgs/npm/[email protected]/index.js:62
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703b46de10f1fac1 Environment-variable access.
pkgs/npm/[email protected]/index.js:111
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703b46de10f1fac1 Environment-variable access.
pkgs/npm/[email protected]/index.js:111
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703b46de10f1fac1 Environment-variable access.
pkgs/npm/[email protected]/index.js:111
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #703b46de10f1fac1 Environment-variable access.
pkgs/npm/[email protected]/index.js:111
  var prefixes = [process.env.LOCALAPPDATA, process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)'], process.env.ProgramW6432]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #473692b582b69638 Environment-variable access.
pkgs/npm/[email protected]/index.js:148
    var homePath = path.join(process.env.HOME, defaultPath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cbabe9b1f005a39 Environment-variable access.
pkgs/npm/[email protected]/index.js:307
  var dartFlags = process.env.DART_FLAGS || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad07d7b3833f2fad Environment-variable access.
pkgs/npm/[email protected]/index.js:311
    process.env.DART_FLAGS = flags.join(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b3adc36946b1fa7 Filesystem access.
pkgs/npm/[email protected]/tools/update-contributors.js:4
const { readFileSync, writeFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b3adc36946b1fa7 Filesystem access.
pkgs/npm/[email protected]/tools/update-contributors.js:4
const { readFileSync, writeFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0aec3905ce10e1c0 Filesystem access.
pkgs/npm/[email protected]/tools/update-contributors.js:16
  const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6e2f259559d20307 Filesystem access.
pkgs/npm/[email protected]/tools/update-contributors.js:20
  writeFileSync(pkgPath, JSON.stringify(pkg, undefined, '  ') + '\n', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma-firefox-launcher

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #1d809199ff32f198 Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d809199ff32f198 Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #254f07a2cf270b2d Environment-variable access.
pkgs/npm/[email protected]/index.js:65
  const paden = process.env.Path.split(';')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4d68619da3f51a2 Environment-variable access.
pkgs/npm/[email protected]/index.js:76
  const prefixes = [process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4d68619da3f51a2 Environment-variable access.
pkgs/npm/[email protected]/index.js:76
  const prefixes = [process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e31ed73f827e8605 Environment-variable access.
pkgs/npm/[email protected]/index.js:121
  for (const pathElem of process.env.PATH.split(':')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6362026e73d1bf0f Environment-variable access.
pkgs/npm/[email protected]/index.js:182
      homeBin = path.join(process.env.HOME, bin)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9dddf5ea8af75f9 Filesystem access.
pkgs/npm/[email protected]/index.js:244
        const extBuffer = fs.readFileSync(ext)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fad87ad03f4eb9a4 Filesystem access.
pkgs/npm/[email protected]/index.js:246
        fs.writeFileSync(copyDestination, extBuffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7b22a8ee65a8577 Filesystem access.
pkgs/npm/[email protected]/index.js:250
    fs.writeFileSync(path.join(profilePath, 'prefs.js'), this._getPrefs(args.prefs))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a887d416a6b42ed Environment-variable access.
pkgs/npm/[email protected]/index.js:266
    process.env.MOZ_DEBUG_BROWSER_PAUSE = 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-qunit

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #fc05212f84f47284 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:3
var argsparser = require('argsparser'),
    fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #427a44317387283b Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:4
    fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d623d18e871216fc Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:94
                    fs.readFileSync(__dirname + '/../package.json')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nyc

npm dependency
expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #05743e20ca0c8447 Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05743e20ca0c8447 Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6dd188fc4cf58b7 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:53
    env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f632a8164d197934 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f632a8164d197934 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f4b884fcd0d43a1 Filesystem access.
pkgs/npm/[email protected]/index.js:190
        const source = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76075a567ef8a77e Filesystem access.
pkgs/npm/[email protected]/index.js:218
      const inCode = await fs.readFile(inFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df6e0f7e1ffe8450 Filesystem access.
pkgs/npm/[email protected]/index.js:226
        await fs.writeFile(outFile, outCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c679da6bf37d4bb Environment-variable access.
pkgs/npm/[email protected]/index.js:353
    if (!process.env.NYC_CWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cb981a52aa654ee Environment-variable access.
pkgs/npm/[email protected]/index.js:375
    process.env.NYC_PROCESS_ID = this.processInfo.uuid

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f753d192a8074860 Filesystem access.
pkgs/npm/[email protected]/index.js:409
    fs.writeFileSync(
      coverageFilename,
      JSON.stringify(coverage),
      'utf-8'
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28e89ef6821465cb Filesystem access.
pkgs/npm/[email protected]/index.js:514
      const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf17c4163a5e08c7 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/check-coverage.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f3808acb9992453 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/merge.js:33
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d73a53cc07c8b5fb Filesystem access.
pkgs/npm/[email protected]/lib/commands/merge.js:44
  await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dcaa7c2a7052ab1 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #133a8fd73785f8ee Environment-variable access.
pkgs/npm/[email protected]/lib/config-util.js:12
  cwd = cwd || process.env.NYC_CWD || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e25086a5770d25 Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e25086a5770d25 Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23b689a596304eaf Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:21
    envToCopy[env] = process.env[env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5219713b2466a18d Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:26
  envToCopy[envName] = process.env[envName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95e3aad617618790 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:43
      fs.writeFileSync(mapPath, JSON.stringify(sourceMap))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47cb738bce70c32d Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:68
            this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d88a5375c8ccdea Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:6
  process.env.NYC_CONFIG ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #824691cfd89dd0ff Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:15
  parent: process.env.NYC_PROCESS_ID || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb31b4d0a34bf8c9 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:18
if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4045aabff2fa1ed4 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:19
  config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebd5bbc11a3a9b08 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:20
  delete process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cec2ed900e90733 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:23
if (process.env.NYC_CONFIG_OVERRIDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c035df8e6317a10 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:24
  Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #760d184847ea6368 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:25
  process.env.NYC_CONFIG = JSON.stringify(config)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
expand_more 77 low-confidence finding(s)
low env_fs dependency Excluded from app score #c4cc6c7087e76578 Environment-variable access.
pkgs/npm/[email protected]/bin/prettier.cjs:66
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e3ff39788562bb Environment-variable access.
pkgs/npm/[email protected]/index.mjs:5609
    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e3ff39788562bb Environment-variable access.
pkgs/npm/[email protected]/index.mjs:5609
    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45aa9aa977ea4913 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6176
    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45aa9aa977ea4913 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6176
    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d463574e1dcba938 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6177
      process.env.TEST_PSEUDOMAP = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5286e352b3f5857 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6178
    if (typeof Map === "function" && !process.env.TEST_PSEUDOMAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6a5043d701eb5e0 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6520
    var hasSymbol = typeof Symbol === "function" && process.env._nodeLRUCacheForceNoSymbol !== "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #605a8e31f827445c Filesystem access.
pkgs/npm/[email protected]/index.mjs:7655
            fs4.readFile(file, "utf8", function(err, data) {
              if (err) {
                reject(err);
                return;
              }
              resolve3(parseString2(data));
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a082f9e922ae062b Filesystem access.
pkgs/npm/[email protected]/index.mjs:7668
      return parseString2(fs4.readFileSync(file, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #357f24916aa7615a Filesystem access.
pkgs/npm/[email protected]/index.mjs:8004
              fs4.readFile(name, "utf8", function(err, data) {
                resolve3({
                  name,
                  contents: err ? "" : data
                });
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53c79d746f41c797 Filesystem access.
pkgs/npm/[email protected]/index.mjs:8020
          file = fs4.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #419d655c9db9cea5 Filesystem access.
pkgs/npm/[email protected]/index.mjs:10382
import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c8edb73bef9a66e Environment-variable access.
pkgs/npm/[email protected]/index.mjs:11485
  return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : import_picocolors4.default.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c8edb73bef9a66e Environment-variable access.
pkgs/npm/[email protected]/index.mjs:11485
  return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : import_picocolors4.default.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #421a5a8c438bf5c3 Filesystem access.
pkgs/npm/[email protected]/index.mjs:12540
import fs2 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2568a2c4c939f1c Filesystem access.
pkgs/npm/[email protected]/index.mjs:12546
    return await fs2.readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a19a971d3758ce8f Filesystem access.
pkgs/npm/[email protected]/index.mjs:12697
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0db3dc3cc2ef7f7b Filesystem access.
pkgs/npm/[email protected]/index.mjs:12707
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fc82e765d06a314 Filesystem access.
pkgs/npm/[email protected]/index.mjs:13059
    string = fs3.readFileSync(path6.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d2b98c427ee919 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:16485
      if (process.env.PRETTIER_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7ba430b984a5268 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:10
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3650be51e3aa511b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:15
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aab513d34713496 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:371
  return dist_default.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3e55f6a30db9ecb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:516
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71acbaeb2883ce9c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:526
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcda991e55360f78 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:878
    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63d33068007e05e3 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1878
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c1824154785756 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1955
          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #599accd4735fae5b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1961
          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd08fcfda7f8b54a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:54
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2750ccdb18cca76 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:96
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe19719d00d3155 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:107
      const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0220cf54a1681732 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:116
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5e71cca28a658b4 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:612
import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #544a3875e7ff9a14 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:627
              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6addabe89dba3e5a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:633
              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f2a52b1fc6bb07 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2515
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e7137d46d58f0b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2525
    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d45cb230739a4b84 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2743
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42ee313da913478c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:3607
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24d49965a969e74e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:4855
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9e7c651158e1119 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5794
import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e511461904ce43a6 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5820
          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf1274dccf8b3a1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5835
          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e96d10145cfc562 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5850
          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d2e9b2ce8869ee4 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6238
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e441f3486c1f224 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6252
        return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #891c94b1783b7a10 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6582
import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16143e0ef703addc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6594
      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ab334c62bea436c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10466
import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #879ddd82531965ac Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10488
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93693f3629c7a6e1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10493
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29da559d8069f171 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10499
        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c9c35a428bd30d8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10515
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2512c7d88b1bca51 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10521
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fce64ac32535fa5c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11366
import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af9276b9ef368e6b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11559
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e63b60d78c41647b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11567
  return dist_default36.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95ea453cebe2e3fe Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12330
import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0eaac9c31a6791 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12395
  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4444c8827c9afd3d Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12400
  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb843e1d49d4c6a Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1233
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0a1edb8d37bf7fd Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1554
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23de6b24a3e10ae2 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1778
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e7f3ca5b46fb5a Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1786
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #157ad9285a69fd5f Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1794
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e863a43b5862fb67 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1888
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e532b4c9f85aaa7c Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1906
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51df01604de45634 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1910
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9843ed508f9a163 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1914
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dc2c7deeb586d87 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4302
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f5bf3d257df2e1 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4506
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c36b78eba27ce4e Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4894
        const buffer = fs6.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ae4d1ea0f0d1cc4 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5188
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7276d7b060a79071 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5449
  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3594c24585a9c44c Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5805
      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qunit

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #68ddbd1b8931bada Filesystem access.
pkgs/npm/[email protected]/src/cli/utils.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68ddbd1b8931bada Filesystem access.
pkgs/npm/[email protected]/src/cli/utils.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76c8430537a09572 Filesystem access.
pkgs/npm/[email protected]/src/cli/utils.js:19
    const gitIgnore = fs.readFileSync(gitFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #51dffd48ff45b6b0 Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de50f7ad870553e9 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e65e13d0cf269ef6 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9045085a067b25f3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2b3fd83c2307c75 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd53ec775570a9cc Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff0b6fbe713fd23 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff0b6fbe713fd23 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff0b6fbe713fd23 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff0b6fbe713fd23 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff0b6fbe713fd23 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b4b589d171e3a1f Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f5e571e7376656d Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71aab32583da883c Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uglify-js

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #24200e3eadd15a98 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:1
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #24200e3eadd15a98 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:1
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c30340ce1414be04 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:20
        return fs.readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #82dafe5e70097519 Environment-variable access.
pkgs/npm/[email protected]/tools/node.js:33
if (+process.env["UGLIFY_BUG_REPORT"]) exports.minify = function(files, options) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

  • cross-env dev — dist-only: no readable source
  • karma-sauce-launcher dev — dist-only: no readable source
  • rollup dev — dist-only: no readable source
  • typescript3 dev — no javascript source