Close Open Privacy Scan

bolt Snapshot: commit e3924aa
science engine v3
schedule 2026-07-08T04:05:42.840142+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 2 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 2 low
First-party packages: 1
Dependency packages: 0
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #a8a0b8f863932cae Environment-variable access.
repo/documentation/examples/advanced-creation.js:113
				const secret = options.context.secret ?? process.env.SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b2e1c4779741992 Environment-variable access.
repo/documentation/examples/gh-got.js:23
		token: process.env.GITHUB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • cacheable-request prod — dist-only: no readable source
  • keyv prod — dist-only: no readable source