Close Open Privacy Scan

Snapshot: commit 52d5e8f
engine v2
2026-07-01T18:06:54.667029+00:00

No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 28 finding(s)

Dependency score: 97 (Low risk)

Score Breakdown

env_fs −3

Scan Summary

0 high 0 medium 28 low
First-party packages: 1
Dependency packages: 4
Ecosystem: npm

Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
13 low-confidence finding(s)
low env_fs test-only #885bec29bbe87978 Environment-variable access.
repo/__tests__/application/index.test.js:39
    const NODE_ENV = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2c3cc3e1ce06dc3 Environment-variable access.
repo/__tests__/application/index.test.js:40
    process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5bc04906a077b189 Environment-variable access.
repo/__tests__/application/index.test.js:42
    process.env.NODE_ENV = NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fe91fcfdb2152a7e Environment-variable access.
repo/__tests__/application/inspect.test.js:8
process.env.NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36f1c9acca56aefe Filesystem access.
repo/__tests__/application/respond.test.js:8
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e98263b421faa546 Filesystem access.
repo/__tests__/application/respond.test.js:163
      const { length } = fs.readFileSync('package.json')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #820b5135d40ffbca Filesystem access.
repo/__tests__/application/respond.test.js:780
        ctx.length = fs.readFileSync('package.json').length

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4673df6faabfc1f4 Filesystem access.
repo/__tests__/application/respond.test.js:799
          ctx.length = fs.readFileSync('package.json').length

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #67ff23987281b531 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Test harness — not production egress.
repo/__tests__/application/respond.test.js:926 · flow /tmp/closeopen-ofcj0j7_/repo/__tests__/application/respond.test.js:927 → /tmp/closeopen-ofcj0j7_/repo/__tests__/application/respond.test.js:926
        const req = http.request({
          port: server.address().port,
          path: '/'
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs test-only #cc8ce678e5c6e728 Filesystem access.
repo/__tests__/response/body.test.js:7
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #719c3c8054f34420 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Test harness — not production egress.
repo/__tests__/response/flushHeaders.test.js:107 · flow /tmp/closeopen-ofcj0j7_/repo/__tests__/response/flushHeaders.test.js:104 → /tmp/closeopen-ofcj0j7_/repo/__tests__/response/flushHeaders.test.js:107
      const req = http.request({ port })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs test-only #2318b14a70eef7f0 Filesystem access.
repo/__tests__/response/length.test.js:6
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c662d74fe5ae0488 Environment-variable access.
repo/lib/application.js:79
    this.env = options.env || process.env.NODE_ENV || 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

c8

npm dependency
11 low-confidence finding(s)
low env_fs dependency Excluded from app score #36e5876eee3dcdda Environment-variable access.
pkgs/npm/[email protected]/bin/c8.js:27
    process.env.NODE_V8_COVERAGE = argv.tempDirectory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #297f6691b80a012e Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:40
    monocartArgv: (argv.experimentalMonocart || process.env.EXPERIMENTAL_MONOCART) ? argv : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e2132f0198f51d Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #379bf4c1a66376be Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:18
        const config = JSON.parse(readFileSync(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ff653805048c68 Environment-variable access.
pkgs/npm/[email protected]/lib/parse-args.js:129
      default: process.env.NODE_V8_COVERAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #193a61631acd86a4 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:9
  ;({ readFile } = require('fs').promises)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a88af804e563557 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e905feaba4bcec8 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:452
        reports.push(JSON.parse(readFileSync(
          resolve(this.tempDirectory, file),
          'utf8'
        )))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e924bd8e9e6d65e Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2dea6768ac30a16 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:40
  const fileBody = readFileSync(filename).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7373dd3c0dccda63 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:71
    const content = readFileSync(fileURLToPath(mapURL), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

destroy

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #3b1488f40394c10a Filesystem access.
pkgs/npm/[email protected]/index.js:16
var ReadStream = require('fs').ReadStream

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gen-esm-wrapper

npm dependency
2 low-confidence finding(s)
low env_fs dependency Excluded from app score #949296b2321fbd8a Filesystem access.
pkgs/npm/[email protected]/gen-esm-wrapper.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11dd5cbf300d2438 Filesystem access.
pkgs/npm/[email protected]/gen-esm-wrapper.js:81
  fs.writeFileSync(target, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

standard

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c4dc6da2df690c3e Filesystem access.
pkgs/npm/[email protected]/lib/options.js:8
const pkgJSON = readFileSync(pkgURL, { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • content-disposition prod — dist-only: no readable source
  • content-type prod — dist-only: no readable source