Close Open Privacy Scan

bolt Snapshot: commit 77429f5
science engine v3
schedule 2026-07-08T10:47:14.764013+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 1294 finding(s)

Dependency score: 27 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

54 high 58 medium 1182 low
First-party packages: 22
Dependency packages: 41
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: ${process.env.PLAYWRIGHT_SERVER_HOSTapi.anthropic.comapi.emailoctopus.comapi.github.comapi.github.com${endpoint}`,api.github.com`;api.honeycomb.ioapi.opencode.aiapi.releases.hashicorp.comapp.opencode.aicommunity.chocolatey.orgformulae.brew.shgithub.comgithub.com`;gitlab.commcp.exa.aimodels.devoauth2.googleapis.comopencode.airaw.githubusercontent.comregistry.npmjs.orgus.i.posthog.comwww.google.com

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:7 repo/.opencode/tool/github-pr-search.ts:4
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:26 repo/.opencode/tool/github-triage.ts:23
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:479
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:497
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:52
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:67
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:4 repo/script/stats.ts:11
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:479
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:497
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm): packages/stats/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
medium first-party (npm) Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
medium first-party (npm): packages/console/app Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
hub Dependency data flows (2)
high ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
high @openauthjs/openauth dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 pkgs/npm/@[email protected]/src/provider/oauth2.ts:193

</> First-Party Code

first-party (npm)

npm first-party
high pii_flow production #55f51f9e3bb304a3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:4 · flow /tmp/closeopen-92vkrbwj/repo/.opencode/tool/github-pr-search.ts:7 → /tmp/closeopen-92vkrbwj/repo/.opencode/tool/github-pr-search.ts:4
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b56aad4a69711d99 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:23 · flow /tmp/closeopen-92vkrbwj/repo/.opencode/tool/github-triage.ts:26 → /tmp/closeopen-92vkrbwj/repo/.opencode/tool/github-triage.ts:23
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3452682d83d5d7ce User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-92vkrbwj/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-92vkrbwj/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #27a0da14d040176a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #febd36543b2f6409 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #49bcf15ce7c9fffe User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1ea6b4af89991799 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #023fea4928e4af31 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #93688728b3c786fd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6cfb69f70c5e3aa3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-92vkrbwj/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-92vkrbwj/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e4f6d52fe2ef273a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-92vkrbwj/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-92vkrbwj/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e13e3ab6259192dc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9c500092aa56c41b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c6ce4b7dcd3a35ed User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #dbec76d4c8651246 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #80926acfcc0fe4b2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #65185332411526b0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:479 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6468c4e71d6d546c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:497 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d8ab3d91487fdd5e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #19ce14bd763385d4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #61469af03d5cc679 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d09f1ad7c8245cb0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #65003ea75b983940 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-92vkrbwj/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-92vkrbwj/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #90b1c34f839d09a0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e03a9c34363ff8d1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e94d073627b73dfc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:45 · flow /tmp/closeopen-92vkrbwj/repo/script/github/close-issues.ts:7 → /tmp/closeopen-92vkrbwj/repo/script/github/close-issues.ts:45
  const comment = await fetch(`${base}/comments`, {
    method: "POST",
    headers,
    body: JSON.stringify({ body: msg }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e5c81e8553caf196 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:52 · flow /tmp/closeopen-92vkrbwj/repo/script/github/close-issues.ts:7 → /tmp/closeopen-92vkrbwj/repo/script/github/close-issues.ts:52
  const patch = await fetch(base, {
    method: "PATCH",
    headers,
    body: JSON.stringify({ state: "closed", state_reason: "not_planned" }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #66d76a43021901ee User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:67 · flow /tmp/closeopen-92vkrbwj/repo/script/github/close-issues.ts:7 → /tmp/closeopen-92vkrbwj/repo/script/github/close-issues.ts:67
    const res = await fetch(
      `https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`,
      { headers },
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #91d9d152d5180518 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:11 · flow /tmp/closeopen-92vkrbwj/repo/script/stats.ts:4 → /tmp/closeopen-92vkrbwj/repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #66beae96b9d61efc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28142645d7eb329b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b675e380b033e8e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #95957bedc2338e78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #489cf9897a8edf78 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #154af974d7c7e8c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9439258c8d386f85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd8e86f7c32df0ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab1f6e875a1a1f38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #64bab8379b354c60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #63e89ff086d96b46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #56b5847bddbe0876 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #85da4441ce583e66 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c1858c4d7508492 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f0c6bdd1bde0732b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73927328b6f7de05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5a510c7e97fe2ed4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cbb361c61b81b39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #715968f2014c87d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e71bed420bccd709 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8683a14b8f779958 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5cf9bd2a5dc984b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8a44fda8d03532eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe7558e7fa19a946 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e75b037463b44a31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cb3f88c00175a1ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #51478a8ce3bb4897 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #202e7cf77ba8b7d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5696da086d70ae65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 476 low-confidence finding(s)
low env_fs production #585e25be88a762b3 Environment-variable access.
repo/.opencode/tool/github-pr-search.ts:7
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ffcac598f603ce4 Environment-variable access.
repo/.opencode/tool/github-triage.ts:17
  const issue = parseInt(process.env.ISSUE_NUMBER ?? "", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35d2140d59a39d3c Environment-variable access.
repo/.opencode/tool/github-triage.ts:26
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #587e6fdb560c10c7 Environment-variable access.
repo/github/index.ts:302
  const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d2f68265e884724 Environment-variable access.
repo/github/index.ts:316
  const runId = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31ab87b93fe6f1f2 Environment-variable access.
repo/github/index.ts:323
  return process.env["AGENT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb2a18e710c75af8 Environment-variable access.
repo/github/index.ts:327
  const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e61c5de684d4418d Environment-variable access.
repo/github/index.ts:336
    mockEvent: process.env["MOCK_EVENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f7573638fef381a Environment-variable access.
repo/github/index.ts:337
    mockToken: process.env["MOCK_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96f43c56383847c0 Environment-variable access.
repo/github/index.ts:342
  return process.env["TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #669a4bbbd50cc22e Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:377
    response = await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${useEnvMock().mockToken}`,
      },
      body: JSON.stringify({ owner: repo.owner, repo: repo.repo }),
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a2a46346bbeabeef Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:386
    response = await fetch("https://api.opencode.ai/exchange_github_app_token", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${oidcToken}`,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #54b67bc5d0b6cb8d Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:1064
  await fetch("https://api.github.com/installation/token", {
    method: "DELETE",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      Accept: "application/vnd.github+json",
      "X-GitHub-Api-Version": "2022-11-28",
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cff2ac1e5025edb9 Environment-variable access.
repo/infra/console.ts:276
          new sst.Secret("CLOUDFLARE_DEFAULT_ACCOUNT_ID", process.env.CLOUDFLARE_DEFAULT_ACCOUNT_ID!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7df2016f16c5ddc1 Environment-variable access.
repo/infra/console.ts:277
          new sst.Secret("CLOUDFLARE_API_TOKEN", process.env.CLOUDFLARE_API_TOKEN!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d4e3b46f6ec62e7 Filesystem access.
repo/nix/scripts/canonicalize-node-modules.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdb7f3b01674e44d Filesystem access.
repo/nix/scripts/normalize-bun-binaries.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62af154758b042f6 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #217b3b343dca4b80 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f25351733d521c9 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #465b4d58511caf63 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4878c6f2f5af3bec Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28622ce4b1f97a2d Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d05f939ef5a29e04 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7283c1599bc4ffa Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e94232919de0e96b Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0b38b1f2274fb92 Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28ac56824e41f76a Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4814322eed00edcc Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff8c50652e210510 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c03d78d687b993b9 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79e1e6230a2a581c Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be1c822fcc01e450 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70c27e524f84898f Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81ffb5e2cc46103c Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78fe0a30318b3405 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb19b2b0c37826a6 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0a930456dd09b8e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #548ff359ac7c0daf Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cb418166eb1cc34 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d42419896788b62 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1c9ba9931c0db87 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e6ed3f27f7e0074 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d21ad0e3e45cb1f Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #704335b0f516af65 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1728555ed674cb04 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b580c72b76dbaa0 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61fcfd208213d2a2 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d391f8c28cd88b4 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a54f4eb964590b39 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #237b2e9992498b1a Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #747d24a0f666d93b Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80c5d4e4d9fc77eb Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74b5613a686d4d84 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b33c634848fdb4bd Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f709bf02aa9d4efa Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c7ba00f00491a15 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:49
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34faebbfa177ce5 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:51
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aacd83c38d3bc5e9 Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ec2f500411b75b Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c54c9616a9125f2 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2d183ccc1f6f503 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dca033ad1bfc31c0 Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bff53468b98a778d Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c81303704234eb1 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99fb662b005afe03 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa8541a802e53770 Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3577063719c6fd61 Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dad719b9bd2c7257 Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b73c68b2bbdaff3 Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21b511391c658f72 Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba1b0a2350ce371 Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c44234bd6508fe0 Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9b55e8616ce2862 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #963293b8cee122c9 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f195e624a79f91d Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9342fb8a16549ef Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74cfc2ee550948be Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdc10493a3956add Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #836238be40b195e7 Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae905afade33861d Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15d1508c62ba8345 Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03a695e3aded0158 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #449406ea36e2ba62 Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5518748223a90c1 Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #689730fdb3d91cf0 Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92acc9fe49623975 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49dc162331d14e01 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86165a1883fb147a Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9cbbca50870a294b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #def8749a050b9cf1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7652329fff2a13f8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #957cca9eff5dfa55 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cc50b7097734faa2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #319ea87c238f6b10 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #201097353326fa5d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3ad7888c0f397e6f Environment-variable access.
repo/packages/containers/script/build.ts:10
const reg = process.env.REGISTRY ?? "ghcr.io/anomalyco"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f03847b02c47fc00 Environment-variable access.
repo/packages/containers/script/build.ts:11
const tag = process.env.TAG ?? "24.04"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdb50864dbeef7d9 Environment-variable access.
repo/packages/containers/script/build.ts:12
const push = process.argv.includes("--push") || process.env.PUSH === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f348af12e285c11 Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2b9b4d3a3b361cc Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9e3fed98e07d243 Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94cd1ca715f1eaaa Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8cdcab9022c797d Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc7e8d1caafadaea Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81c1336273ee028d Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e707ec2884a866e Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cda559fc77240f5 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1164c241a3dab04d Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d8a761a31bc759c Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ca61e295063dd7 Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ab68e7f847c174 Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0ec0b96466dc168 Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18f54321bedd49e4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6af1a72dcde4ded1 Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b89aa0c86744438 Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87455b9c5a63450f Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67b036609defe63b Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f6cc7e9fad7e178 Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23724ec5728352e5 Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5c1be296a6c0a37 Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73ddf5501620eefd Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #314f46da9baceed8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f139fbf871a778e8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7130a8da7543c5d4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b62ef52224099108 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #922bca9f935d30f9 Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3ac920680703d33 Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d971d85d96c8066 Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8de31f820efcb52d Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39bb80804c7adfa4 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d865364450b6c4 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47eacaceba3b9efa Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c1e7a6406cc87d1 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9077d77a9a6079ee Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8bdb800e4c86de3 Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd3fccc1fd12c23d Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60ff02cf9fba13b6 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3f1f2139bd9a83d Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82ab1b2f005dd471 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d883a32eaa0271a Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b249b9cf54dc3529 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e0b20615d9a4b47 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b614ff9338dbfbd4 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa5526b8bf67cf87 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa587bbc906d84fe Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb8647b2972a60f3 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6f2845a11609af6 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98020066e50d4d51 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab97b024dca73a94 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #693fa23e34d12b24 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44e887691da3d954 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75de4353cb0a8a70 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84c49f04738aa821 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a43e152413195c4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc33746eb4156ff3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c618f8478117e7e4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63307a9a40c7855f Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f71653fb0adcb0d Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a11f0979ec61f263 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4b872fa3b6857f3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5af44564c9c4160 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #986a558a71f89771 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86e19e07b5d68b0f Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4ec02e2e27de1e4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a3eafaa44621cbe Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7124b8a7f0850050 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8cb22f0ddb6b14c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #16c2d5b9e15f2d7f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5922b92a637916e6 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c74d0af5047aed Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33a394e66bafb0e4 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7383367f99b79dd3 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f66d557479005cf2 Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd1b1517af42893d Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9455307d080ec210 Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e32b17affc79611 Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ec3ca78dae1ef11 Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c707ca90a90cc424 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85229f2c646c80ec Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1fbfedf050ec5b0 Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2592a32af7d78d41 Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40db285f3ac2057f Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57a383d81a2c8f6b Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c711f180433ff004 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8041b78a81e96e6b Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aed6647e10ae537b Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c9bc7a03d642b81 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e583ab8123975c Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b7099d37db4248e5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #baa800a7f9603192 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95f920a850d283af Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45631110899aefff Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ad479fda0666e24 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83034aacfca004a5 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b4d714b8417618f Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b57772dfd7c6a6d Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ce5b6bea00b8406 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #035252ee732971a2 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f66434c2944f99d Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41a455b9b654a831 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5798bc0dc9a263e Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d326b54b6e8b3f1 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa33c7ea33c5584c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff318953bae6030a Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7fde6044921182a Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b49cb26dbd7d889 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4ee7648a2087887 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #197a3a8b2c9dfc7e Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17351f2de10a4cde Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eea85e251e52b2c8 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc67b94471a49166 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8457f326e07fc18d Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bede27ec5c81265 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b5430fc4006c689 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8df4af958c1e5478 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #733a9747a430f2c0 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f828d2eec943eb Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e94834511dd3dc Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6210d4fba69d32d Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5944659770899e4 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59a094e0119b2720 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28648c840e65b29b Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df136ec5dac57aaa Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d77be80fbe36efd4 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3722334aa7018473 Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de3292d417a900e4 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #590a18b78382d141 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0d3c1759a6b171 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c278acfd809b82a Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4746caecccdcb73 Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #966fbf43f49463c5 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d44cdc7fdc9acb3 Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #293ca1db3260e8cf Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0040ab502097dd4c Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b8703de0534f9d9 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6df67dab738fd243 Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea2132c95ed74fc8 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61bace5182ed6886 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1bdb9f4daa584a Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80e8cad2ef1b0fb2 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f38ed430b809b4 Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279b5ada066a6d93 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c14acb3bdf8809c5 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01a0548f3428cc5d Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e2a4dfdab7586e8 Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f451063c06cfa89 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #575b194d238c54b5 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f15109c012cd2d71 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4dfe2e8b9cf875f Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #997cf6ef34fdb66e Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee8880a8c964a947 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bf04f97f20d0fb1 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7490ddbd8fdc39eb Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4443705b538050aa Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #316773feaac5970c Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c57ff2d38d606795 Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9e6aa78399a5eb9 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8d5937d415709634 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bbf6781339bfa49b Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b4200990788cc91 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b330af638c2a30 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a39f07dc878c834d Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d8df4cbfefb137e4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cf25e8e52f9b5c45 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8b1ed64e43121d60 Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #730e899a074b2d53 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d1d04c1824b527 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c2a551f5d49aeb2 Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f029495f30784ee2 Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5984b2e79b45819f Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a07a9ee5547ff78 Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c94519d9f5e6586 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c65078f1928a847 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd08ece3ac9b367f Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93c55e6ddb3e5348 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c9c8ad4bb8e7748 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc6d78d16fd75a40 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f91a5a2ec107c59f Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ea821f55b5865be Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6339a8c3f43e6f4 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2928957ebad03121 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75311dc0a0589efd Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b6670c2be4ab26e Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #431d90d6fb704b60 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #965b153dca13a884 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caabeebae9fc6c9b Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b95257cc8c956907 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a248581a1ae463c1 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c27b6b21c07860f Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b029a6d459676715 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e75b398acce65c2 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b0750df233be14a Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b031a26f12d2ad5 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c54e061e9ebd879 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb14bb1261cf7081 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #56dbef29bd45a541 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #feff6859a488c8b7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #790a09635b0b1534 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f01cbc6b47d3040c Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb422a0a164041eb Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd0ac6751114e87c Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0314d207ef86fe07 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ca403ab7942fac Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82e3202a5afdb72e Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad51e41facb8f9ad Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #488ea15306f646fb Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #438ead9795be12a5 Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e06f65e84208ccd9 Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d19b3b7e016c92b1 Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ccecb52f2682fc Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c781110b21bae10 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d38f63a9a9dbdb3 Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f01f632eefc6e9 Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9386341ebe428e74 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4a0dca61931581d Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1910d32940b0c3cf Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceb42c71d89493e5 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43329388aacb80df Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1932fba9c571713 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c1c3b04850418c2 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa745ecc3db2e4f0 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d89f3ec49efe3b7 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7807208f936cdd8f Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5351c5f50b9e2bd5 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66b5f5936a4ef54a Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2baaf97f3b31d40 Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa2fd021e5dce2a6 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39ee0de8f05650fe Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #877a2194342b00eb Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #656a74927404f5a9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #35afe321001ef974 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8812716d514c8955 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4176842b6b94561f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ba0d34fa756c62cd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #64bd8f633f0c7141 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e45a5785d77a2dba Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c705a0fcb38e5dc8 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19ba8fb2f9af6bb Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5cbca1805cea2813 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0cbc740c37937ab2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a2c5e5c47325b329 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8740e2506060cb Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #90dd11eb6f2d902d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3a696f262d95a8d7 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e018b39ddaf9f6cf Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #609ff3f9573c8d57 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #21fe437fe9fb006e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a6dfbf95d8da88cf Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7516c25206fddb9b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8559bdc92b833504 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4227dc8f8f99261 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea97746e96d8d28 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057fdf99fd0ada13 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #164d62c048061a36 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c5e25fcc48312a68 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1d40efb12167ef3e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #46dd54f6cc719c66 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:455
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #edfeab1a34937f3c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #23a91545d7d7dd91 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #17c8cdd593d49714 Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af419fef12926748 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:306
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #656a715a469fbc3f Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:309
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2b30ddf623baddf Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:318
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a16db94f35d24634 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:566
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85f4b878c0fb6d58 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:569
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19e320080e265a9b Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:574
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac8f40233c0db7a9 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:575
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6bd3b2a358c9b365 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3c577b8b2963c155 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02fd05f6ef85c81c Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24fed999065c47de Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a9e74a927310b5e Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be81d8f165833cdd Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8775d6c825acde79 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f90b39927496e734 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8980957e35364ac1 Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb4a5e692f93903c Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0b7c9147ffc71c0 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8555a2e837b499d1 Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7245cfb29c78554b Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e8a5798e3beed1 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da61f843ecd5e351 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20af15d79a851c27 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89c6eff4536a9a39 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #077e5eeea18aad7e Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7cb517ddc1f0245 Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e603a94670059e12 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba2d5d3840e3d8aa Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb482b36aface0bb Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85f43db5cfbda85b Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b007d9a1be80ff68 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8f24f1764258beb Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13d835b266645dc6 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf6b4e7990705e66 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a743968c1c31ce25 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd2502e0d021b949 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f7f7d164d31ef6a Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cac391438f28ae35 Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cad3de777c63535 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec0f3122327835cb Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #483904dbab63ae8a Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58ce05af7e7be0a2 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e2a726da368a07 Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ae1171ed7e43653f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #aeb8f9974acbc689 Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #593e3bef85ef583d Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1201b4f237badac8 Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0633347b3162723e Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e7cc452682383d Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82c5c9d5f5898ba7 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1661586b59e8dc34 Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0eb142471d23897 Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0b4b91f690e5de5 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #778fcd21ca6fb9a3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b2459912f9da5dcf Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:259
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cbafd85e0bbf6df Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e99e2516ce98918 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #713ae17ba3b339c5 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2296cfa1d36404e7 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df93dacb0cfdf270 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645d41bccefa0669 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e14746b0bc706a19 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6eb76a617e52d0c Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7455b8ccfacb16e Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8078babdd29d39c Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d43e8db25d92065 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d150cc283161411c Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1adaf90acdcf66e Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a9e140a860311d7 Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adcdf9ebdbf99e08 Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73710a63c358be57 Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c747e10abccf6a7b Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcc024aa171f52f7 Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76868af539398d77 Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a217436500d6bd86 Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #43aabfc8af6358bb Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #619a55566b33176e Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61a280dc9feb53d2 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d9a416b193831ea Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a708a32f798bc6b0 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a859679aa3cdefb Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #762f58b4bbf5c0da Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #856f8c3473c3082d Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcbc5c6f8f028238 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81d4967d1aa2676d Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3579a4041c42d79 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef6bd2b598f5b7d Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #161c69732b3f6cbf Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ca2c47dc485545 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44f3578b3f722ecf Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ed87709442c3f72 Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #312b56aff4bebf5e Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da0d1f9553ce415a Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1df3260b4449e8b4 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b63c5649f91f4b8 Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9faf0f895c9d51b9 Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e77e51ca1667263f Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a569baf22a77de8c Filesystem access.
repo/script/beta.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ea658af5c5e4be Environment-variable access.
repo/script/beta.ts:61
  if (process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be743a3be42de2ce Filesystem access.
repo/script/changelog.ts:3
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef3db23dd9e0034d Environment-variable access.
repo/script/github/close-issues.ts:7
const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8eff73265e16e6c Environment-variable access.
repo/script/github/close-prs.ts:346
  const envToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #705621d5310b7571 Environment-variable access.
repo/script/publish.ts:72
  await $`gh release edit ${tag} --draft=false --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e7d7a1ee2f59f9 Environment-variable access.
repo/script/raw-changelog.ts:25
const repo = process.env.GH_REPO ?? "anomalyco/opencode"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a665e221a111ff42 Environment-variable access.
repo/script/stats.ts:4
  const key = process.env["POSTHOG_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7f93267f9dbb0b82 Hardcoded external endpoint. Review what data is sent to this destination.
repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #002bdba96b3cb8e3 Environment-variable access.
repo/script/version.ts:7
const sha = process.env.GITHUB_SHA ?? (await $`git rev-parse HEAD`.text()).trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68ba5ff7638f2017 Environment-variable access.
repo/script/version.ts:15
  const dir = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee9f2c3b3b9fe18a Environment-variable access.
repo/script/version.ts:23
  await $`gh release create v${Script.version} -d --title "v${Script.version}" --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0066a21852eeabd2 Environment-variable access.
repo/script/version.ts:25
    await $`gh release view v${Script.version} --json tagName,databaseId --repo ${process.env.GH_REPO}`.json()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cab536b9686997aa Environment-variable access.
repo/script/version.ts:30
output.push(`repo=${process.env.GH_REPO}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1bdcc1f936c90ba Environment-variable access.
repo/script/version.ts:32
if (process.env.GITHUB_OUTPUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6283845f40f1f189 Environment-variable access.
repo/script/version.ts:33
  await Bun.write(process.env.GITHUB_OUTPUT, output.join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d0132ff7e3d4286 Environment-variable access.
repo/sst.config.ts:14
          profile: process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c53e49b13ba544e Environment-variable access.
repo/sst.config.ts:22
          apiKey: process.env.STRIPE_SECRET_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/opencode

npm first-party
high pii_flow production #c6ce4b7dcd3a35ed User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #dbec76d4c8651246 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #80926acfcc0fe4b2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #65185332411526b0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:479 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6468c4e71d6d546c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:497 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d8ab3d91487fdd5e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #19ce14bd763385d4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #61469af03d5cc679 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d09f1ad7c8245cb0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-92vkrbwj/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #5a510c7e97fe2ed4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cbb361c61b81b39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #715968f2014c87d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e71bed420bccd709 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8683a14b8f779958 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5cf9bd2a5dc984b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8a44fda8d03532eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe7558e7fa19a946 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e75b037463b44a31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cb3f88c00175a1ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #51478a8ce3bb4897 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #202e7cf77ba8b7d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 134 low-confidence finding(s)
low env_fs production #730e899a074b2d53 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2d1d04c1824b527 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c2a551f5d49aeb2 Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f029495f30784ee2 Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5984b2e79b45819f Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a07a9ee5547ff78 Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c94519d9f5e6586 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c65078f1928a847 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd08ece3ac9b367f Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93c55e6ddb3e5348 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c9c8ad4bb8e7748 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc6d78d16fd75a40 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f91a5a2ec107c59f Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ea821f55b5865be Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6339a8c3f43e6f4 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2928957ebad03121 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75311dc0a0589efd Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b6670c2be4ab26e Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #431d90d6fb704b60 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #965b153dca13a884 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caabeebae9fc6c9b Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b95257cc8c956907 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a248581a1ae463c1 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c27b6b21c07860f Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b029a6d459676715 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e75b398acce65c2 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b0750df233be14a Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b031a26f12d2ad5 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c54e061e9ebd879 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb14bb1261cf7081 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #56dbef29bd45a541 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #feff6859a488c8b7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #790a09635b0b1534 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f01cbc6b47d3040c Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb422a0a164041eb Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd0ac6751114e87c Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0314d207ef86fe07 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ca403ab7942fac Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82e3202a5afdb72e Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad51e41facb8f9ad Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #488ea15306f646fb Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #438ead9795be12a5 Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e06f65e84208ccd9 Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d19b3b7e016c92b1 Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ccecb52f2682fc Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c781110b21bae10 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d38f63a9a9dbdb3 Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f01f632eefc6e9 Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9386341ebe428e74 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4a0dca61931581d Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1910d32940b0c3cf Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceb42c71d89493e5 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43329388aacb80df Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1932fba9c571713 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c1c3b04850418c2 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa745ecc3db2e4f0 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d89f3ec49efe3b7 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7807208f936cdd8f Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5351c5f50b9e2bd5 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66b5f5936a4ef54a Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2baaf97f3b31d40 Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa2fd021e5dce2a6 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39ee0de8f05650fe Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #877a2194342b00eb Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #656a74927404f5a9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #35afe321001ef974 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8812716d514c8955 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4176842b6b94561f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ba0d34fa756c62cd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #64bd8f633f0c7141 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e45a5785d77a2dba Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c705a0fcb38e5dc8 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19ba8fb2f9af6bb Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5cbca1805cea2813 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0cbc740c37937ab2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a2c5e5c47325b329 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8740e2506060cb Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #90dd11eb6f2d902d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3a696f262d95a8d7 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e018b39ddaf9f6cf Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #609ff3f9573c8d57 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #21fe437fe9fb006e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a6dfbf95d8da88cf Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7516c25206fddb9b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8559bdc92b833504 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4227dc8f8f99261 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea97746e96d8d28 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #057fdf99fd0ada13 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #164d62c048061a36 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c5e25fcc48312a68 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1d40efb12167ef3e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #46dd54f6cc719c66 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:455
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #edfeab1a34937f3c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #23a91545d7d7dd91 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #17c8cdd593d49714 Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af419fef12926748 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:306
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #656a715a469fbc3f Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:309
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2b30ddf623baddf Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:318
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a16db94f35d24634 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:566
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85f4b878c0fb6d58 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:569
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19e320080e265a9b Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:574
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac8f40233c0db7a9 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:575
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6bd3b2a358c9b365 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3c577b8b2963c155 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02fd05f6ef85c81c Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24fed999065c47de Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a9e74a927310b5e Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be81d8f165833cdd Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8775d6c825acde79 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f90b39927496e734 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8980957e35364ac1 Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb4a5e692f93903c Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0b7c9147ffc71c0 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8555a2e837b499d1 Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7245cfb29c78554b Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e8a5798e3beed1 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da61f843ecd5e351 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20af15d79a851c27 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89c6eff4536a9a39 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #077e5eeea18aad7e Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7cb517ddc1f0245 Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e603a94670059e12 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba2d5d3840e3d8aa Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb482b36aface0bb Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85f43db5cfbda85b Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b007d9a1be80ff68 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8f24f1764258beb Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13d835b266645dc6 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf6b4e7990705e66 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a743968c1c31ce25 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd2502e0d021b949 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f7f7d164d31ef6a Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cac391438f28ae35 Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cad3de777c63535 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/app

npm first-party
high pii_flow production #27a0da14d040176a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #febd36543b2f6409 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #49bcf15ce7c9fffe User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #489cf9897a8edf78 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-92vkrbwj/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #154af974d7c7e8c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9439258c8d386f85 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd8e86f7c32df0ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab1f6e875a1a1f38 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #64bab8379b354c60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #63e89ff086d96b46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #56b5847bddbe0876 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #85da4441ce583e66 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c1858c4d7508492 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low env_fs production #49dc162331d14e01 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86165a1883fb147a Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9cbbca50870a294b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #def8749a050b9cf1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7652329fff2a13f8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #957cca9eff5dfa55 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/desktop

npm first-party
high pii_flow production #e13e3ab6259192dc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9c500092aa56c41b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-92vkrbwj/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #f0c6bdd1bde0732b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73927328b6f7de05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 63 low-confidence finding(s)
low env_fs production #9ad479fda0666e24 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83034aacfca004a5 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b4d714b8417618f Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b57772dfd7c6a6d Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ce5b6bea00b8406 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #035252ee732971a2 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f66434c2944f99d Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41a455b9b654a831 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5798bc0dc9a263e Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d326b54b6e8b3f1 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa33c7ea33c5584c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff318953bae6030a Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7fde6044921182a Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b49cb26dbd7d889 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4ee7648a2087887 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #197a3a8b2c9dfc7e Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17351f2de10a4cde Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eea85e251e52b2c8 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc67b94471a49166 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8457f326e07fc18d Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bede27ec5c81265 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b5430fc4006c689 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8df4af958c1e5478 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #733a9747a430f2c0 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f828d2eec943eb Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e94834511dd3dc Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6210d4fba69d32d Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5944659770899e4 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59a094e0119b2720 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28648c840e65b29b Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df136ec5dac57aaa Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d77be80fbe36efd4 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3722334aa7018473 Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de3292d417a900e4 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #590a18b78382d141 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0d3c1759a6b171 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c278acfd809b82a Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4746caecccdcb73 Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #966fbf43f49463c5 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d44cdc7fdc9acb3 Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #293ca1db3260e8cf Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0040ab502097dd4c Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b8703de0534f9d9 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6df67dab738fd243 Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea2132c95ed74fc8 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61bace5182ed6886 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1bdb9f4daa584a Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80e8cad2ef1b0fb2 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f38ed430b809b4 Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279b5ada066a6d93 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c14acb3bdf8809c5 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01a0548f3428cc5d Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e2a4dfdab7586e8 Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f451063c06cfa89 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #575b194d238c54b5 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f15109c012cd2d71 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4dfe2e8b9cf875f Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #997cf6ef34fdb66e Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee8880a8c964a947 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bf04f97f20d0fb1 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7490ddbd8fdc39eb Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4443705b538050aa Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #316773feaac5970c Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/function

npm first-party
high pii_flow production #1ea6b4af89991799 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #023fea4928e4af31 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #93688728b3c786fd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-92vkrbwj/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low egress production #cc50b7097734faa2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #319ea87c238f6b10 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #201097353326fa5d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/core

npm first-party
high pii_flow production #6cfb69f70c5e3aa3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-92vkrbwj/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-92vkrbwj/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e4f6d52fe2ef273a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-92vkrbwj/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-92vkrbwj/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 94 low-confidence finding(s)
low env_fs production #8f348af12e285c11 Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2b9b4d3a3b361cc Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9e3fed98e07d243 Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94cd1ca715f1eaaa Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8cdcab9022c797d Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc7e8d1caafadaea Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81c1336273ee028d Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e707ec2884a866e Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cda559fc77240f5 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1164c241a3dab04d Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d8a761a31bc759c Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ca61e295063dd7 Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ab68e7f847c174 Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0ec0b96466dc168 Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18f54321bedd49e4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6af1a72dcde4ded1 Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b89aa0c86744438 Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87455b9c5a63450f Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67b036609defe63b Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f6cc7e9fad7e178 Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23724ec5728352e5 Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5c1be296a6c0a37 Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73ddf5501620eefd Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #314f46da9baceed8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f139fbf871a778e8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7130a8da7543c5d4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b62ef52224099108 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #922bca9f935d30f9 Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3ac920680703d33 Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d971d85d96c8066 Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8de31f820efcb52d Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39bb80804c7adfa4 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d865364450b6c4 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47eacaceba3b9efa Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c1e7a6406cc87d1 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9077d77a9a6079ee Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8bdb800e4c86de3 Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd3fccc1fd12c23d Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60ff02cf9fba13b6 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3f1f2139bd9a83d Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82ab1b2f005dd471 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d883a32eaa0271a Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b249b9cf54dc3529 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e0b20615d9a4b47 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b614ff9338dbfbd4 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa5526b8bf67cf87 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa587bbc906d84fe Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb8647b2972a60f3 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6f2845a11609af6 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98020066e50d4d51 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab97b024dca73a94 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #693fa23e34d12b24 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44e887691da3d954 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75de4353cb0a8a70 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84c49f04738aa821 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a43e152413195c4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc33746eb4156ff3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c618f8478117e7e4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63307a9a40c7855f Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f71653fb0adcb0d Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a11f0979ec61f263 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4b872fa3b6857f3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5af44564c9c4160 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #986a558a71f89771 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86e19e07b5d68b0f Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4ec02e2e27de1e4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a3eafaa44621cbe Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7124b8a7f0850050 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8cb22f0ddb6b14c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #16c2d5b9e15f2d7f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5922b92a637916e6 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c74d0af5047aed Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33a394e66bafb0e4 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7383367f99b79dd3 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f66d557479005cf2 Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd1b1517af42893d Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9455307d080ec210 Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e32b17affc79611 Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ec3ca78dae1ef11 Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c707ca90a90cc424 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85229f2c646c80ec Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1fbfedf050ec5b0 Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2592a32af7d78d41 Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40db285f3ac2057f Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57a383d81a2c8f6b Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c711f180433ff004 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8041b78a81e96e6b Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aed6647e10ae537b Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c9bc7a03d642b81 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e583ab8123975c Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b7099d37db4248e5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #baa800a7f9603192 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95f920a850d283af Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45631110899aefff Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ui

npm first-party
high pii_flow production #90b1c34f839d09a0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e03a9c34363ff8d1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-92vkrbwj/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low env_fs production #1df3260b4449e8b4 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b63c5649f91f4b8 Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9faf0f895c9d51b9 Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
high pii_flow production #3452682d83d5d7ce User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-92vkrbwj/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-92vkrbwj/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 8 low-confidence finding(s)
low env_fs production #836238be40b195e7 Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae905afade33861d Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15d1508c62ba8345 Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03a695e3aded0158 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #449406ea36e2ba62 Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5518748223a90c1 Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #689730fdb3d91cf0 Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92acc9fe49623975 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/app

npm first-party
high pii_flow production #65003ea75b983940 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-92vkrbwj/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-92vkrbwj/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 1 low-confidence finding(s)
low egress production #778fcd21ca6fb9a3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/app

npm first-party
medium telemetry production #66beae96b9d61efc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28142645d7eb329b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b675e380b033e8e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #95957bedc2338e78 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 62 low-confidence finding(s)
low env_fs production #62af154758b042f6 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #217b3b343dca4b80 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f25351733d521c9 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #465b4d58511caf63 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4878c6f2f5af3bec Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28622ce4b1f97a2d Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d05f939ef5a29e04 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7283c1599bc4ffa Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e94232919de0e96b Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0b38b1f2274fb92 Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28ac56824e41f76a Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4814322eed00edcc Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff8c50652e210510 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c03d78d687b993b9 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79e1e6230a2a581c Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be1c822fcc01e450 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70c27e524f84898f Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81ffb5e2cc46103c Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78fe0a30318b3405 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb19b2b0c37826a6 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0a930456dd09b8e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #548ff359ac7c0daf Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cb418166eb1cc34 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d42419896788b62 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1c9ba9931c0db87 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e6ed3f27f7e0074 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d21ad0e3e45cb1f Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #704335b0f516af65 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1728555ed674cb04 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b580c72b76dbaa0 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61fcfd208213d2a2 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d391f8c28cd88b4 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a54f4eb964590b39 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #237b2e9992498b1a Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #747d24a0f666d93b Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80c5d4e4d9fc77eb Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74b5613a686d4d84 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b33c634848fdb4bd Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f709bf02aa9d4efa Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c7ba00f00491a15 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:49
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34faebbfa177ce5 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:51
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aacd83c38d3bc5e9 Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ec2f500411b75b Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c54c9616a9125f2 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2d183ccc1f6f503 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dca033ad1bfc31c0 Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bff53468b98a778d Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c81303704234eb1 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99fb662b005afe03 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa8541a802e53770 Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3577063719c6fd61 Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dad719b9bd2c7257 Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b73c68b2bbdaff3 Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21b511391c658f72 Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba1b0a2350ce371 Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c44234bd6508fe0 Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9b55e8616ce2862 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #963293b8cee122c9 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f195e624a79f91d Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9342fb8a16549ef Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74cfc2ee550948be Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdc10493a3956add Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/session-ui

npm first-party
medium telemetry production #5696da086d70ae65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1 low-confidence finding(s)
low env_fs production #1201b4f237badac8 Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/enterprise

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #c57ff2d38d606795 Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9e6aa78399a5eb9 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/function

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #8d5937d415709634 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/http-recorder

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #bbf6781339bfa49b Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b4200990788cc91 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b330af638c2a30 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a39f07dc878c834d Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/llm

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #d8df4cbfefb137e4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cf25e8e52f9b5c45 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8b1ed64e43121d60 Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/script

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #ec0f3122327835cb Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #483904dbab63ae8a Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58ce05af7e7be0a2 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e2a726da368a07 Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ae1171ed7e43653f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/server

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #aeb8f9974acbc689 Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #593e3bef85ef583d Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/slack

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs production #0633347b3162723e Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e7cc452682383d Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82c5c9d5f5898ba7 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1661586b59e8dc34 Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0eb142471d23897 Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0b4b91f690e5de5 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/core

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs production #b2459912f9da5dcf Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:259
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cbafd85e0bbf6df Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e99e2516ce98918 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #713ae17ba3b339c5 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2296cfa1d36404e7 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df93dacb0cfdf270 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645d41bccefa0669 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e14746b0bc706a19 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6eb76a617e52d0c Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7455b8ccfacb16e Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/storybook

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #a8078babdd29d39c Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d43e8db25d92065 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/tui

npm first-party
expand_more 27 low-confidence finding(s)
low env_fs production #d150cc283161411c Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1adaf90acdcf66e Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a9e140a860311d7 Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adcdf9ebdbf99e08 Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73710a63c358be57 Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c747e10abccf6a7b Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcc024aa171f52f7 Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76868af539398d77 Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a217436500d6bd86 Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #43aabfc8af6358bb Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #619a55566b33176e Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61a280dc9feb53d2 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d9a416b193831ea Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a708a32f798bc6b0 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a859679aa3cdefb Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #762f58b4bbf5c0da Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #856f8c3473c3082d Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcbc5c6f8f028238 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81d4967d1aa2676d Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3579a4041c42d79 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef6bd2b598f5b7d Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #161c69732b3f6cbf Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ca2c47dc485545 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44f3578b3f722ecf Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ed87709442c3f72 Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #312b56aff4bebf5e Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da0d1f9553ce415a Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #e77e51ca1667263f Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@openauthjs/openauth

npm dependency
high pii_flow dependency Excluded from app score #8a0fb205572e067f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 · flow /tmp/closeopen-92vkrbwj/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 → /tmp/closeopen-92vkrbwj/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
        const json: any = await fetch(config.endpoint.token, {
          method: "POST",
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Accept: "application/json",
          },
          body: body.toString(),
        }).then((r) => r.json())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #189b89fb566f9ddb Environment-variable access.
pkgs/npm/@[email protected]/src/client.ts:550
  const issuer = input.issuer || process.env.OPENAUTH_ISSUER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #404af5dcf7a0942d Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:491
  if (process.env.OPENAUTH_STORAGE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca75664d26461d56 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:492
    const parsed = JSON.parse(process.env.OPENAUTH_STORAGE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0fc53640ce11db1 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:31
  if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82c36316a2bfb1f0 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:33
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #158e8a427c916ccf Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:34
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8171e11bb4a0f2a Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:35
      sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adea5cd91d030071 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:36
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a14caa008bb953 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:40
  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49727ae7fc19ba21 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:43
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5b27a13ceab9eaa Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:49
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cba08146fa32f67 Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:59
      const file = readFileSync(input?.persist)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #580f473247a67e0b Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:67
    await writeFile(input.persist, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai

npm dependency
high pii_flow dependency Excluded from app score #ef6bafe06388911d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-92vkrbwj/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-92vkrbwj/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

@actions/core

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #a8cdb5a08c532c11 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:67
    process.env[name] = convertedVal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #063e9339381c9dd6 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:68
    const filePath = process.env['GITHUB_ENV'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31a765c6b94ae2bc Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:88
    const filePath = process.env['GITHUB_PATH'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71343bccce677236 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:95
    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df977392b6f71cd1 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:108
    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3694ecca939d16f4 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:166
    const filePath = process.env['GITHUB_OUTPUT'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5f767e0c7042c68 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:203
    return process.env['RUNNER_DEBUG'] === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe47fac674b5de64 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:300
    const filePath = process.env['GITHUB_STATE'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23feb6387a3cbb6f Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:314
    return process.env[`STATE_${name}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3600b757366de3b0 Filesystem access.
pkgs/npm/@[email protected]/lib/file-command.js:31
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f2aefa53c90623 Environment-variable access.
pkgs/npm/@[email protected]/lib/file-command.js:35
    const filePath = process.env[`GITHUB_${command}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63a1dcea6c94f4b1 Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:25
        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a6d9b6fc8dd535e Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:32
        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc10867e264f8fb Filesystem access.
pkgs/npm/@[email protected]/lib/summary.js:14
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aad73b55ccffd9a9 Environment-variable access.
pkgs/npm/@[email protected]/lib/summary.js:33
            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@actions/github

npm dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #87174bab84a3e43c Filesystem access.
pkgs/npm/@[email protected]/lib/context.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d05b1e608f4a320 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:13
        if (process.env.GITHUB_EVENT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1d45e372dbc0511 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:14
            if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9bd7ebc4259220d Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:15
                this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a990bd9571a23e Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:18
                const path = process.env.GITHUB_EVENT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce221b3ce42cac9 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:22
        this.eventName = process.env.GITHUB_EVENT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #556e37b8f0df3956 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:23
        this.sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8813828df51e83 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:24
        this.ref = process.env.GITHUB_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c94fedb09fd76bbb Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:25
        this.workflow = process.env.GITHUB_WORKFLOW;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d31422c9089ee56 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:26
        this.action = process.env.GITHUB_ACTION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56f49e9f90281d23 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:27
        this.actor = process.env.GITHUB_ACTOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd87aef1a92613f2 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:28
        this.job = process.env.GITHUB_JOB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eaf447054ba9c7d Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:29
        this.runAttempt = parseInt(process.env.GITHUB_RUN_ATTEMPT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c641f9e132bc0ed Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:30
        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c9d738578cf76e9 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:31
        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a1dbf0d239f95c5 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:32
        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6f439c8eec322ec Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:33
        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b4b4cb0516804bd Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:35
            (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc29702bd58f2808 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:42
        if (process.env.GITHUB_REPOSITORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ee441b053de2974 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:43
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10144a0bf0e4b8a6 Environment-variable access.
pkgs/npm/@[email protected]/lib/internal/utils.js:67
    return process.env['GITHUB_API_URL'] || 'https://api.github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/google-vertex

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #edcc5dec2501454a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/edge/google-vertex-auth-edge.ts:139
    const response = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: withUserAgentSuffix(
        { 'Content-Type': 'application/x-www-form-urlencoded' },
        `ai-sdk/google-vertex/${VERSION}`,
        getRuntimeEnvironmentUserAgent(),
      ),
      body: new URLSearchParams({
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        assertion: jwt,
      }),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@ai-sdk/provider-utils

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #d075f942a33bb41e Environment-variable access.
pkgs/npm/@[email protected]/src/load-api-key.ts:30
  apiKey = process.env[environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf241fd41d3eeaf4 Environment-variable access.
pkgs/npm/@[email protected]/src/load-optional-setting.ts:23
  settingValue = process.env[environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a40af8ce27f131 Environment-variable access.
pkgs/npm/@[email protected]/src/load-setting.ts:42
  settingValue = process.env[environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/togetherai

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #1133303897ab2a44 Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:105
  if (typeof process.env.TOGETHER_API_KEY === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e71219a22415380 Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:108
  const key = process.env.TOGETHER_AI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@astrojs/starlight

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #04551cd54bb59ee8 Filesystem access.
pkgs/npm/@[email protected]/utils/translations-fs.ts:36
			const content = fs.readFileSync(new URL(file, i18nDir), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@aws-sdk/credential-providers

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #748cfbdd93836f54 Environment-variable access.
pkgs/npm/@[email protected]/dist-cjs/fromTemporaryCredentials.js:8
    return (0, fromTemporaryCredentials_base_1.fromTemporaryCredentials)(options, fromNodeProviderChain_1.fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => (0, config_1.loadConfig)({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f5f54b72c7d597a Environment-variable access.
pkgs/npm/@[email protected]/dist-es/fromTemporaryCredentials.js:5
    return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@dnd-kit/dom

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #9ac843824ffc7370 Environment-variable access.
pkgs/npm/@[email protected]/index.cjs:451
  if (!("adoptedStyleSheets" in root && Array.isArray(root.adoptedStyleSheets)) && process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca85303a5299af07 Environment-variable access.
pkgs/npm/@[email protected]/index.cjs:459
    if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1acc8a7c34c08853 Environment-variable access.
pkgs/npm/@[email protected]/index.js:450
  if (!("adoptedStyleSheets" in root && Array.isArray(root.adoptedStyleSheets)) && process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05f4969650e566f7 Environment-variable access.
pkgs/npm/@[email protected]/index.js:458
    if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@dnd-kit/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #274a371cf308b663 Environment-variable access.
pkgs/npm/@[email protected]/index.cjs:428
      if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66a9b200629f5f24 Environment-variable access.
pkgs/npm/@[email protected]/index.js:427
      if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@effect/platform-node-shared

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #7783e14c4bf7ad10 Filesystem access.
pkgs/npm/@[email protected]/src/NodeFileSystem.ts:416
      NFS.readFile(path, { signal }, (err, data) => {
        if (err) {
          resume(Effect.fail(handleErrnoException("FileSystem", "readFile")(err, [path])))
        } else {
          resume(Effect.succeed(data))
        }
      })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bbfc4202962868a Filesystem access.
pkgs/npm/@[email protected]/src/NodeFileSystem.ts:599
      NFS.writeFile(path, data, {
        signal,
        flag: options?.flag,
        mode: options?.mode
      }, (err) => {
        if (err) {
          resume(Effect.fail(handleErrnoException("FileSystem", "writeFile")(err, [path])))
        } else {
          resume(Effect.void)
        }
      })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ff-labs/fff-bun

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #519a87eb2583ea65 Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:171
  const nvimCache = process.env.XDG_CACHE_HOME || join(homedir(), ".cache", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #43fd4bb385dd87cf Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:173
    process.env.XDG_DATA_HOME || join(homedir(), ".local", "share", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@kobalte/core

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #f9ac34cba5582c6d Environment-variable access.
pkgs/npm/@[email protected]/src/accordion/accordion.test.tsx:34
describe.skipIf(process.env.GITHUB_ACTIONS)("Accordion", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fff507b01b56fb18 Environment-variable access.
pkgs/npm/@[email protected]/src/image/image.test.tsx:18
describe.skipIf(process.env.GITHUB_ACTIONS)("Image", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a33afc9cae403e8d Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:371
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7d58100766e399d Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:396
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e38fbbf96a3915 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:420
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1604c2ae71b5baf0 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:457
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7b6aa13b58eb432 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:490
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20bf111b389808f0 Environment-variable access.
pkgs/npm/@[email protected]/src/toast/toast.test.tsx:343
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83f337d7125121bb Environment-variable access.
pkgs/npm/@[email protected]/src/toast/toast.test.tsx:604
		it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef07107dbae3457b Environment-variable access.
pkgs/npm/@[email protected]/src/toast/toast.test.tsx:660
		it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1da49cba939af2d Environment-variable access.
pkgs/npm/@[email protected]/src/toggle-group/toggle-group.test.tsx:303
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f92cf2d0ec857e Environment-variable access.
pkgs/npm/@[email protected]/src/toggle-group/toggle-group.test.tsx:329
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffe18738011d48b6 Environment-variable access.
pkgs/npm/@[email protected]/src/toggle-group/toggle-group.test.tsx:353
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@npmcli/arborist

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #a7e7034498b01ad0 Environment-variable access.
pkgs/npm/@[email protected]/bin/lib/options.js:57
    cache: `${process.env.HOME}/.npm/_cacache`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dc903b59f53c5ea Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:16
const debug = process.env.ARBORIST_DEBUG !== '0' && (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62bb5580bab57c98 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:17
  process.env.ARBORIST_DEBUG === '1' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59f540257ee65652 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:18
  /\barborist\b/.test(process.env.NODE_DEBUG || '') ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f72183610f2338b8 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:19
  process.env.npm_package_name === '@npmcli/arborist' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a71bc821774c933 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:20
  ['test', 'snap'].includes(process.env.npm_lifecycle_event) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6918a710587012f Filesystem access.
pkgs/npm/@[email protected]/lib/shrinkwrap.js:387
      this.#filenameSet.map(file => file && readFile(file, 'utf8').then(d => d, er => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64660e5806b4e587 Filesystem access.
pkgs/npm/@[email protected]/lib/shrinkwrap.js:1165
      writeFile(this.filename, json).catch(er => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d15e8c304e09eb Filesystem access.
pkgs/npm/@[email protected]/lib/shrinkwrap.js:1177
        writeFile(this.path + '/yarn.lock', this.yarnLock.toString()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@npmcli/config

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #02aa80fb7790c764 Filesystem access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:13
    return readFileSync(file, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #814fcb86228d921d Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:51
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc3c53bb0e100c3a Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:57
const editor = process.env.EDITOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6771af47fdf9007 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:58
  process.env.VISUAL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a9ef8687d0c5020 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:59
  (isWindows ? `${process.env.SYSTEMROOT}\\notepad.exe` : 'vi')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c13537f611be7cb Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:61
const shell = isWindows ? process.env.ComSpec || 'cmd'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06be9cee845e795c Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:62
  : process.env.SHELL || 'sh'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a44db179d3630b2 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:76
  process.env.LC_ALL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ee647f8ceb45bff Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:77
  process.env.LC_CTYPE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83b1f0ac92afd6f2 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:78
  process.env.LANG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6acf348dcc828638 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:83
const cacheRoot = (isWindows && process.env.LOCALAPPDATA) || '~'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42f4a36496326dce Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:450
    default: !process.env.NO_COLOR || process.env.NO_COLOR === '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6333583de587bc Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:1442
    default: process.env.NODE_ENV === 'production' ? ['dev'] : [],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d728d352e3a807d9 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:1678
    default: !(ciInfo.isCI || !process.stderr.isTTY || !process.stdout.isTTY || process.env.TERM === 'dumb'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b807ebf4341296b Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:1691
      flatOptions.progress = !!obj.progress && !!process.stderr.isTTY && !!process.stdout.isTTY && process.env.TERM !== 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816e337023c14a4c Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:2341
      process.env.npm_config_user_agent = flatOptions.userAgent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9d9e56741ec464 Filesystem access.
pkgs/npm/@[email protected]/lib/index.js:646
    await readFile(file, 'utf8').then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #230cb964a4144bfb Filesystem access.
pkgs/npm/@[email protected]/lib/index.js:804
    await writeFile(conf.source, iniData, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/core

npm dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #66f5cc9c3619bf30 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:714
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfb7ea9d99b7c92a Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:719
import { existsSync as existsSync3, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73cadbe49ebbb4bb Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:5935
  const envValue = process.env[config.name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a172d4858359d22 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:7917
import { existsSync as existsSync2 } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #820002a27622559d Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11808
  const libc = process.env.OPENTUI_LIBC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fa77cea3b7c05b5 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11823
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8f0f60bb77e6678 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11830
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0536a5707d29ca74 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:13284
      writeFileSync(logPath, msg + `
`, { flag: "a" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dfa3808f7b1b5f1 Filesystem access.
pkgs/npm/@[email protected]/index-xt9f071j.js:5371
      fs.writeFileSync(filepath, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0bed1e823c13a9e Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6658
  if (process.env.OTUI_USE_ALTERNATE_SCREEN !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e69e616ef049a0a Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6663
  if (process.env.OTUI_OVERRIDE_STDOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b254ea592b19c8 Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:7208
      const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aba258c1c7d91aa4 Filesystem access.
pkgs/npm/@[email protected]/index.js:2643
    const bytes = await readFile(filePath).catch((err) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f09fc01cb23fced3 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:5
import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d37828a18f67cd Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:9
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9905834d8fd82a5 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:35
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b38c044dcec87235 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:49
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef22ab454a007502 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:61
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42239f17b1ba1eb3 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:79
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f8e3e0a8862f710 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:88
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2411b66b72b82f1 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:89
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac049a78cd6f00ab Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:118
import { readdir } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e9a60fd98081bc4 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:142
    const configContent = await readFile2(resolvedConfigPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f440a8aba403691a Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:170
        const content = await readFile2(localPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #049d47d933ed3f2d Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:204
  await writeFile2(queryPath, combinedContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbef5767bc94ae66 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:276
  await writeFile2(outputPath, fileContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b544bb0f12b7bb2e Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:44
import { mkdir as mkdir3 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5549548e9cdbe014 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:48
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc5075e412cc9b0 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:74
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2163c9d977caa714 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:88
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3706285bc1177e9 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:100
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c554c539079cd4 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:118
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a171b72f17429751 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:127
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #451cebf4bfed6572 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:128
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3975704f366dc0f4 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:322
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d90fbe7b18e867 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:113
                const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94b3efa7ca526341 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:374
                    contents = readFileSync(normalizedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f07d738df73af28c Environment-variable access.
pkgs/npm/@[email protected]/index.bun.js:517
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f43ce18cee51bee Environment-variable access.
pkgs/npm/@[email protected]/index.js:491
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@parcel/watcher

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #bfc1dfdde3210e27 Environment-variable access.
pkgs/npm/@[email protected]/scripts/build-from-source.js:5
if (process.env.npm_config_build_from_source === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@silvia-odwyer/photon-node

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #44ea59f6a288bc45 Filesystem access.
pkgs/npm/@[email protected]/photon_rs.js:4513
const bytes = require('fs').readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@tanstack/solid-query

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c85c7cf93812d83d Environment-variable access.
pkgs/npm/@[email protected]/src/useBaseQuery.ts:46
      if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@upstash/redis

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #96d20229ed95d7ad Environment-variable access.
pkgs/npm/@[email protected]/nodejs.js:5712
    const url = process.env.UPSTASH_REDIS_REST_URL || process.env.KV_REST_API_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ec360a1e1e5aad2 Environment-variable access.
pkgs/npm/@[email protected]/nodejs.js:5716
    const token = process.env.UPSTASH_REDIS_REST_TOKEN || process.env.KV_REST_API_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90c6e80334e967ec Environment-variable access.
pkgs/npm/@[email protected]/nodejs.mjs:272
    const url = process.env.UPSTASH_REDIS_REST_URL || process.env.KV_REST_API_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07800371e403d372 Environment-variable access.
pkgs/npm/@[email protected]/nodejs.mjs:276
    const token = process.env.UPSTASH_REDIS_REST_TOKEN || process.env.KV_REST_API_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bun-pty

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #59a5b409e9a9423d Environment-variable access.
pkgs/npm/[email protected]/src/terminal.integration.test.ts:7
const runIntegrationTests = process.env.RUN_INTEGRATION_TESTS === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7ca7ab3605f2cf Environment-variable access.
pkgs/npm/[email protected]/src/terminal.ts:32
	const env = process.env.BUN_PTY_LIB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #bcf4df31d67ad30b Filesystem access.
pkgs/npm/[email protected]/esm/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #115f07093aa5346e Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:1
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7980938b2f95123 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:2
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39d2d0c4202b1930 Filesystem access.
pkgs/npm/[email protected]/esm/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4889745a9e5e9475 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:2
import { stat as statcb } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cee32381236d44e8 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:3
import { stat, readdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e5cff7a8e464dd Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:260
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e71a0a30e3ba4dd Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:270
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0a1ed057f1a3949 Filesystem access.
pkgs/npm/[email protected]/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8c40470dd1d39a7 Filesystem access.
pkgs/npm/[email protected]/handler.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1f5cba391ade79b Filesystem access.
pkgs/npm/[email protected]/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f4696db4920a837 Filesystem access.
pkgs/npm/[email protected]/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba813f2932b949df Environment-variable access.
pkgs/npm/[email protected]/index.js:265
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a0acf322c156eed Environment-variable access.
pkgs/npm/[email protected]/index.js:275
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

clipboardy

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #93b10a112802df2e Environment-variable access.
pkgs/npm/[email protected]/index.js:19
			if (process.env.PREFIX !== '/data/data/com.termux/files/usr') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cross-spawn

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #badfa4b7f69a992e Environment-variable access.
pkgs/npm/[email protected]/lib/parse.js:58
        parsed.command = process.env.comspec || 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71c97ffab0318ed0 Filesystem access.
pkgs/npm/[email protected]/lib/util/readShebang.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

drizzle-orm

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #df7b5057142fc1ef Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:43
  const journalAsString = import_node_fs.default.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e738be2ac89e31b2 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:48
      const query = import_node_fs.default.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21ed56e36e238f7e Filesystem access.
pkgs/npm/[email protected]/migrator.js:10
  const journalAsString = fs.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d81052329c7443a5 Filesystem access.
pkgs/npm/[email protected]/migrator.js:15
      const query = fs.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-context-menu

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #949c0619e2a18fb2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/index.js:66
					const url = new URL('https://www.google.com/search');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

electron-log

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #b1ed9b8f0d8fbc5f Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #895a54bb16115a3a Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:81
    fs.writeFileSync(preloadPath, preloadCode, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d545ce3b1caf844 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:121
        return process.env.APPDATA || path.join(home, 'AppData/Roaming');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2316f00dd087ee3c Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:125
        return process.env.XDG_CONFIG_HOME || path.join(home, '.config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1a445e8b31f4d7 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:131
    return os.homedir?.() || process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1aa981edf798b0e Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:147
    return process.env.NODE_ENV === 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e56da31eea4e9ef8 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:148
      || process.env.ELECTRON_IS_DEV === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a661bbfd2344f471 Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f36f287f8d8d4758 Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:39
    const json = JSON.parse(fs.readFileSync(fileName, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #663612c40270404c Environment-variable access.
pkgs/npm/[email protected]/src/node/transports/console.js:56
    useStyles: process.env.FORCE_STYLES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f83bff1e8bcbda Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cecf66f3e448a2d Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:34
      fs.writeFileSync(this.path, '', {
        mode: this.writeOptions.mode,
        flag: 'w',
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd67388b825a6a4 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:96
    fs.writeFile(this.path, text, this.writeOptions, (e) => {
      file.hasActiveAsyncWriting = false;

      if (e) {
        file.emit(
          'error',
          new Error(`Couldn't write to ${file.path}. ${e.message}`),
          this,
        );
      } else {
        file.increaseBytesWrittenCounter(text);
      }

      file.nextAsyncWrite();
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af2ebc4f20d8e7bb Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:132
      fs.writeFileSync(this.path, text, this.writeOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca8d9dbe48b53500 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c2e73cf332e524a Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:72
    fs.writeFileSync(filePath, '', { flag: 'a', mode: writeOptions.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f064c75e1ccc3d6d Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04d51ea692cc53d2 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:149
            lines: fs.readFileSync(logPath, 'utf8').split(os.EOL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-updater

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #6c82b7ee8c5c92ae Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:11
        result = process.env["LOCALAPPDATA"] || path.join(homedir, "AppData", "Local");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53b3126c94bf6bd4 Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:17
        result = process.env["XDG_CACHE_HOME"] || path.join(homedir, ".cache");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e8d9b389cf6f934 Filesystem access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:7
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ab0ad5677b7ceee Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:18
        if (process.env["APPIMAGE"] == null && !this.forceDevUpdateConfig) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1547d58ac681cde Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:19
            if (process.env["SNAP"] == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbccf72c199d61e3 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:38
                const oldFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acdb70a7f366f6ee Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:73
        const appImageFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d2a93b11c78c5f8 Filesystem access.
pkgs/npm/[email protected]/out/DownloadedUpdateHelper.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #736dd941be69f414 Environment-variable access.
pkgs/npm/[email protected]/out/LinuxUpdater.js:96
        const pmOverride = (_a = process.env.ELECTRON_BUILDER_LINUX_PACKAGE_MANAGER) === null || _a === void 0 ? void 0 : _a.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d999e375ac0811 Filesystem access.
pkgs/npm/[email protected]/out/MacUpdater.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d556f84fb293ba Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DataSplitter.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fdadca67adad307 Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DifferentialDownloader.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089f3791b28a854b Environment-variable access.
pkgs/npm/[email protected]/out/differentialDownloader/downloadPlanBuilder.js:73
const isValidateOperationRange = process.env["DIFFERENTIAL_DOWNLOAD_PLAN_BUILDER_VALIDATE_RANGES"] === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988e1326cc557d40 Environment-variable access.
pkgs/npm/[email protected]/out/providerFactory.js:24
            const token = (githubOptions.private ? process.env["GH_TOKEN"] || process.env["GITHUB_TOKEN"] : null) || githubOptions.token;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e8c361bd06a5ea Environment-variable access.
pkgs/npm/[email protected]/out/providers/Provider.js:32
            const arch = process.env["TEST_UPDATER_ARCH"] || process.arch;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-window-state

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #0ff990257ac3dffe Filesystem access.
pkgs/npm/[email protected]/index.js:110
      jsonfile.writeFileSync(fullStoreFileName, state);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b66bebac932c3444 Filesystem access.
pkgs/npm/[email protected]/index.js:159
    state = jsonfile.readFileSync(fullStoreFileName);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gray-matter

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f9a21f7477ec62e8 Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be925ebeae5a6f06 Filesystem access.
pkgs/npm/[email protected]/index.js:179
  const str = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

immer

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #17c8e99f6b966073 Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:269
	if (process.env.NODE_ENV !== "production" && isNaN(parseInt(prop as any)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a691c7dc1a89e2c Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:276
		process.env.NODE_ENV !== "production" &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693c87430489788c Environment-variable access.
pkgs/npm/[email protected]/src/plugins/patches.ts:37
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #690f5da8b5505b29 Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:4
	process.env.NODE_ENV !== "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00eb61fe099770ac Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:42
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

katex

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #4246bc137cd89830 Filesystem access.
pkgs/npm/[email protected]/cli.js:21
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4a9d2d6c7e16115 Filesystem access.
pkgs/npm/[email protected]/cli.js:42
        fs.readFile(options.macroFile, "utf-8", function(err, data) {
            if (err) {throw err;}
            splitMacros(data.toString().split('\n'));
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85d436f51bad7076 Filesystem access.
pkgs/npm/[email protected]/cli.js:73
        fs.readFile(options.input, "utf-8", function(err, data) {
            if (err) {throw err;}
            input = data.toString();
            writeOutput(input);
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ee83ff17ce4cb6f Filesystem access.
pkgs/npm/[email protected]/cli.js:97
        fs.writeFile(outputFile, output, function(err) {
            if (err) {
                return console.log(err);
            }
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

open

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #1991632038c76b86 Filesystem access.
pkgs/npm/[email protected]/index.js:52
		const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba4a182c4a00478 Environment-variable access.
pkgs/npm/[email protected]/index.js:219
			: `${process.env.SYSTEMROOT || process.env.windir || 'C:\\Windows'}\\System32\\WindowsPowerShell\\v1.0\\powershell`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

postgres

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #8d65c634c4e832e8 Filesystem access.
pkgs/npm/[email protected]/cf/src/index.js:133
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec7092d7a8342f1 Environment-variable access.
pkgs/npm/[email protected]/cf/src/index.js:565
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90ac33442c1c4e1b Filesystem access.
pkgs/npm/[email protected]/cjs/src/index.js:2
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be318a91d7608ff5 Filesystem access.
pkgs/npm/[email protected]/cjs/src/index.js:132
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f7118e71a1bec01 Environment-variable access.
pkgs/npm/[email protected]/cjs/src/index.js:564
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e52f09dd6e5527b7 Filesystem access.
pkgs/npm/[email protected]/src/index.js:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aff0f6db556e5a23 Filesystem access.
pkgs/npm/[email protected]/src/index.js:132
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #522f5699776a76e2 Environment-variable access.
pkgs/npm/[email protected]/src/index.js:564
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #65a7e3c74edcea54 Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9400367348f59cb2 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd6616c2847522ff Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #149dab751b970b88 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbf683c54c2874ff Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5aa06fdf6d10e37 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #542182b729807cf3 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4886a97b3fb31955 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b005ebe36f7a673 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #619c321a82a2e7f8 Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

vscode-jsonrpc

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #46991c138119bb50 Environment-variable access.
pkgs/npm/[email protected]/lib/node/main.js:152
const XDG_RUNTIME_DIR = process.env['XDG_RUNTIME_DIR'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

web-tree-sitter

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #96cbeab1b8360bbf Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:83
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbeee77e93a57dda Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:88
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afd5936ef03c7819 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:94
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563c21eafc8037df Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:4287
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5144cd90da1bf7d2 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a041397d96f6dc9f Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2109
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8402d637ebb51daa Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2116
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35cc60b7c3e990ce Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2122
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1398f4059c34c2bc Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:98
  var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572e20ff79eb06fc Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:105
    var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f28b7756891a57a Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:112
    var ret = fs.readFileSync(filename, binary ? undefined : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4486eda8df9e125 Filesystem access.
pkgs/npm/[email protected]/src/language.ts:265
        bytes = fs.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d266de8d7aca8f Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:75
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e200846bc8d600ea Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:80
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0ea9945f6efeeca Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:85
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0faf9441fa145d5 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:3760
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b0a86405c907a8 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8aaa0a66fce9549 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2101
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab2ffd47e07bd37d Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2108
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f21bf9ae990a8c3 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2113
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #eaabb5da5f0416ab Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd2668ed410a6409 Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yargs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #0687e6e790b35916 Environment-variable access.
pkgs/npm/[email protected]/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @opencode-ai/plugin prod — dist-only: no readable source
  • @opencode-ai/script prod — registry 404
  • @opencode-ai/sdk prod — dist-only: no readable source
  • @agentclientprotocol/sdk prod — dist-only: no readable source
  • @clack/prompts prod — dist-only: no readable source
  • @gitlab/opencode-gitlab-auth prod — dist-only: no readable source
  • @modelcontextprotocol/sdk prod — dist-only: no readable source
  • @opencode-ai/codemode prod — registry 404
  • @opencode-ai/llm prod — registry 404
  • @opencode-ai/tui prod — registry 404
  • @openrouter/ai-sdk-provider prod — dist-only: no readable source
  • @pierre/diffs prod — dist-only: no readable source
  • @solid-primitives/event-bus prod — dist-only: no readable source
  • @solid-primitives/scheduled prod — dist-only: no readable source
  • @standard-schema/spec prod — dist-only: no readable source
  • ai-gateway-provider prod — dist-only: no readable source
  • gitlab-ai-provider prod — dist-only: no readable source
  • minimatch prod — dist-only: no readable source
  • opencode-gitlab-auth prod — dist-only: no readable source
  • opencode-poe-auth prod — dist-only: no readable source
  • opentui-spinner prod — dist-only: no readable source
  • partial-json prod — dist-only: no readable source
  • remeda prod — dist-only: no readable source
  • ulid prod — dist-only: no readable source
  • venice-ai-sdk-provider prod — dist-only: no readable source
  • hono prod — dist-only: no readable source
  • jose prod — dist-only: no readable source
  • @opencode-ai/client prod — no javascript source
  • acorn prod — dist-only: no readable source
  • @opencode-ai/effect-drizzle-sqlite prod — registry 404
  • @opencode-ai/effect-sqlite-node prod — registry 404
  • @shikijs/transformers prod — dist-only: no readable source
  • @solid-primitives/bounds prod — dist-only: no readable source
  • @solid-primitives/event-listener prod — dist-only: no readable source
  • @solid-primitives/media prod — dist-only: no readable source
  • @solid-primitives/resize-observer prod — dist-only: no readable source
  • @shikijs/stream prod — dist-only: no readable source
  • dompurify prod — dist-only: no readable source
  • marked-shiki prod — dist-only: no readable source
  • motion prod — dist-only: no readable source
  • motion-dom prod — dist-only: no readable source
  • motion-utils prod — dist-only: no readable source
  • remend prod — dist-only: no readable source
  • shiki prod — dist-only: no readable source
  • solid-list prod — dist-only: no readable source
  • @slack/bolt prod — dist-only: no readable source
  • @dnd-kit/helpers prod — dist-only: no readable source
  • @pierre/trees prod — dist-only: no readable source
  • @solid-primitives/active-element prod — dist-only: no readable source
  • @solid-primitives/audio prod — dist-only: no readable source
  • @solid-primitives/scroll prod — dist-only: no readable source
  • @solid-primitives/timer prod — dist-only: no readable source
  • @solid-primitives/websocket prod — dist-only: no readable source
  • @thisbeyond/solid-dnd prod — dist-only: no readable source
  • aws4fetch prod — dist-only: no readable source
  • ghostty-web prod — dist-only: no readable source
  • @hono/standard-validator prod — dist-only: no readable source
  • hono-openapi prod — dist-only: no readable source
  • @astrojs/cloudflare prod — dist-only: no readable source
  • @astrojs/markdown-remark prod — dist-only: no readable source
  • @astrojs/solid-js prod — dist-only: no readable source
  • @fontsource/ibm-plex-mono prod — no javascript source
  • @jsx-email/all prod — dist-only: no readable source
  • @jsx-email/cli prod — dist-only: no readable source
  • @opencode-ai/console-core prod — registry 404
  • @opencode-ai/console-resource prod — registry 404
  • @jsx-email/render prod — dist-only: no readable source
  • @opencode-ai/console-mail prod — registry 404
  • @planetscale/database prod — dist-only: no readable source
  • @cloudflare/vite-plugin prod — dist-only: no readable source
  • @ibm/plex prod — tarball exceeds byte cap
  • solid-stripe prod — dist-only: no readable source
  • @opencode-ai/stats-core prod — registry 404
  • d3-scale prod — scan budget exceeded
  • i18n-iso-countries prod — scan budget exceeded
  • topojson-client prod — scan budget exceeded
  • world-atlas prod — scan budget exceeded