Close Open Privacy Scan
App Privacy Score
97
/100
Low privacy risk
Low risk · 2 finding(s)
Dependency score: 100 (Low risk)
bar_chart Score Breakdown
env_fs
−3
list Scan Summary
0 high
0 medium
2 low
First-party packages:
1
Dependency packages:
0
Ecosystem:
npm
swap_horiz Application data flows
No high- or medium-confidence application data-flow findings in this scan.
</> First-Party Code
first-party (npm)
npm first-partyexpand_more 2 low-confidence finding(s)
low
env_fs
production
#a8a0b8f863932cae
—
Environment-variable access.
repo/documentation/examples/advanced-creation.js:113
const secret = options.context.secret ?? process.env.SECRET;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
low
env_fs
production
#9b2e1c4779741992
—
Environment-variable access.
repo/documentation/examples/gh-got.js:23
token: process.env.GITHUB_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- cacheable-request prod — dist-only: no readable source
- keyv prod — dist-only: no readable source