Close Open Privacy Scan

bolt Snapshot: commit 03fbed2
science engine v2
schedule 2026-07-01T10:07:08.782790+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 167 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 167 low
First-party packages: 1
Dependency packages: 20
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 16 low-confidence finding(s)
low env_fs production #4ed722b34be1946b Filesystem access.
repo/perf/benchmark.js:6
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e71a1699f7161dfb Filesystem access.
repo/support/build.test.js:6
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a79aff1b9ea47b1c Filesystem access.
repo/support/generate-index.js:4
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64e2a932aaf80ca8 Filesystem access.
repo/support/generate-index.js:17
        template: cb => fs.readFile(path.join(__dirname, './index-template.js'), 'utf8', cb),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e4119fd3e28ff57 Filesystem access.
repo/support/generate-index.js:30
    fs.readFileSync(path.join(__dirname, 'aliases.txt'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65d8e9baf6a34ac0 Filesystem access.
repo/support/jsdoc/jsdoc-fix-html.js:32
    fs.writeFile(filename, HTMLdata, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b14f849e638b3362 Filesystem access.
repo/support/jsdoc/jsdoc-fix-html.js:44
    fs.readFile(path.join(docsDir, mainModuleFile), 'utf8', (fileErr, mainModuleData) => {
        if (fileErr) return callback(fileErr);

        var $mainPage = $(mainModuleData);
        // each 'module' (category) has a separate page, with all of the
        // important information in a 'main' div. Combine all of these divs into
        // one on the actual module page (async)
        async.eachSeries(moduleFiles, (file, fileCallback) => {
            fs.readFile(path.join(docsDir, file), 'utf8', (err, moduleData) => {
                if (err) return fileCallback(err);
                var $modulePage = $(moduleData);
                var moduleName = $modulePage.find(sectionTitleClass).text();
                $modulePage.find(sectionTitleClass).attr('id', moduleName.toLowerCase());
                $mainPage.find(mainScrollableSection).append($modulePage.find(mainScrollableSection).html());
                return fileCallback();
            });
        }, (err) => {
            if (err) return callback(err);
            generateHTMLFile(path.join(docsDir, docFilename), $mainPage, callback);
        });
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66a0b7b3fa436027 Filesystem access.
repo/support/jsdoc/jsdoc-fix-html.js:52
            fs.readFile(path.join(docsDir, file), 'utf8', (err, moduleData) => {
                if (err) return fileCallback(err);
                var $modulePage = $(moduleData);
                var moduleName = $modulePage.find(sectionTitleClass).text();
                $modulePage.find(sectionTitleClass).attr('id', moduleName.toLowerCase());
                $mainPage.find(mainScrollableSection).append($modulePage.find(mainScrollableSection).html());
                return fileCallback();
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4c33eaa27083f03 Filesystem access.
repo/support/jsdoc/jsdoc-fix-html.js:155
        fs.readFile(filePath, 'utf8', (err, fileData) => {
            if (err) return fileCallback(err);
            var $file = $(applyPreCheerioFixes(fileData));

            var $vDropdown = $file.find('#version-dropdown');
            $vDropdown.find('.dropdown-toggle').contents().get(0).data = 'v'+VERSION+' ';
            $vDropdown.find('a[href="'+docFilename+'"]').text('v'+VERSION);

            fixToc(file, $file, moduleFiles);
            fixFooter($file);
            $file.find('[href="'+mainModuleFile+'"]').attr('href', docFilename);
            generateHTMLFile(filePath, $file, fileCallback);
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59a101d858b8b0cf Filesystem access.
repo/support/jsdoc/theme/publish.js:224
    fs.writeFileSync(outpath, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59b597d9337cfed5 Filesystem access.
repo/support/jsdoc/theme/publish.js:240
                code: helper.htmlsafe( fs.readFileSync(sourceFiles[file].resolved, encoding) )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00caa038252fd90b Filesystem access.
repo/support/jsdoc/theme/publish.js:700
        fs.writeFileSync(tutorialPath, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbd74ab3e60e16c1 Filesystem access.
repo/support/sync-cjs-package.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd1ed269ee2cde17 Filesystem access.
repo/support/sync-cjs-package.js:4
var json = JSON.parse(fs.readFileSync(__dirname + "/../package.json"), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53dfbf7ad3bf301d Filesystem access.
repo/support/sync-es-package.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1e45972b982394a Filesystem access.
repo/support/sync-es-package.js:4
var json = JSON.parse(fs.readFileSync(__dirname + "/../package.json"), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@babel/core

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #b75ef711562c9636 Filesystem access.
pkgs/npm/@[email protected]/lib/config/files/configuration.js:20
  const data = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79de2635e75f464 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/files/configuration.js:241
  const targetPath = process.env.BABEL_SHOW_CONFIG_FOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36eb1f2ed4d6b232 Filesystem access.
pkgs/npm/@[email protected]/lib/config/files/plugins.js:35
  const data = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1565779426dce76 Filesystem access.
pkgs/npm/@[email protected]/lib/config/files/utils.js:10
  const data = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f84948c821a46ed Filesystem access.
pkgs/npm/@[email protected]/lib/config/files/utils.js:22
    return fn(filepath, yield* fs.readFile(filepath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1611af040c0eb1a4 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/helpers/environment.js:8
  return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85aefd8db343cdf Filesystem access.
pkgs/npm/@[email protected]/lib/gensync-utils/fs.js:8
  const data = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fabbcfe9e3505a3 Filesystem access.
pkgs/npm/@[email protected]/lib/transform-file.js:26
  const code = yield* fs.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4285ede0d772659f Filesystem access.
pkgs/npm/@[email protected]/lib/transformation/normalize-file.js:8
  const data = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f5f3d2138fd7c7 Filesystem access.
pkgs/npm/@[email protected]/lib/transformation/normalize-file.js:88
          const inputMapContent = _fs().readFileSync(_path().resolve(_path().dirname(options.filename), match[1]), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6b81b236c06bdb Filesystem access.
pkgs/npm/@[email protected]/src/transform-file.ts:26
  const code = yield* fs.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

babel-minify

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #67aaff027520aa2f Filesystem access.
pkgs/npm/[email protected]/lib/fs.js:13
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

babel-plugin-istanbul

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #74b6d013ed8b7789 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:8
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd865eaf5b422ddf Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:52
  const cwd = getRealpath(opts.cwd || process.env.NYC_CWD || /* istanbul ignore next */process.cwd());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1235d9ac6b6ba09b Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:64
  if (ignored.length === 0 && process.env.NYC_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fed3939f6c87d620 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:66
    return JSON.parse(process.env.NYC_CONFIG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

babel-register

npm dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #576fabc0ef4cd1a1 Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:17
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #087bb0f3b24af7b3 Environment-variable access.
pkgs/npm/[email protected]/lib/cache.js:29
var FILENAME = process.env.BABEL_CACHE_PATH || _path2.default.join(_homeOrTmp2.default, ".babel.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aa0e6f978b10a8d Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:48
  _fs2.default.writeFileSync(FILENAME, serialised);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e0454396794ec4f Environment-variable access.
pkgs/npm/[email protected]/lib/cache.js:52
  if (process.env.BABEL_DISABLE_CACHE) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a402e6c3c36df130 Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:60
    data = JSON.parse(_fs2.default.readFileSync(FILENAME));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0e338a703c8bddb Filesystem access.
pkgs/npm/[email protected]/lib/node.js:51
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #102aec9857397fcf Environment-variable access.
pkgs/npm/[email protected]/lib/node.js:107
  var env = process.env.BABEL_ENV || process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bluebird

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #8381212ff79c30a9 Environment-variable access.
pkgs/npm/[email protected]/js/browser/bluebird.core.js:3812
    return hasEnvVariables ? process.env[key] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d21bdcf07a66efbf Environment-variable access.
pkgs/npm/[email protected]/js/browser/bluebird.js:5676
    return hasEnvVariables ? process.env[key] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67b36ddee0c9bb38 Environment-variable access.
pkgs/npm/[email protected]/js/release/util.js:322
    return hasEnvVariables ? process.env[key] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browserify

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #aed030e85de1ab3e Environment-variable access.
pkgs/npm/[email protected]/bin/args.js:219
                    acc[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04c74353428d712e Filesystem access.
pkgs/npm/[email protected]/bin/cmd.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3a2da9af61dd179 Filesystem access.
pkgs/npm/[email protected]/example/source_maps/build.js:1
var browserify = require('../..'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fde28b261a4790f5 Filesystem access.
pkgs/npm/[email protected]/example/source_maps/build.js:3
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12a3ec602561b386 Filesystem access.
pkgs/npm/[email protected]/index.js:31
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #c03cc53e47d651a2 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #342b501c349fc441 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:133
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d72a376239608db2 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c194434967d98dc4 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #059be2a93bd13115 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4965270b6554c4ad Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:825
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ca6ca26e3345f29 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b34c0a11f23b8c94 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c52fa02fe72bd1e Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32320c1022a5baad Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e8c3a3786be1a79 Filesystem access.
pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ad313a25ad28b44 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:217
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e01dc019fa1b3493 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:240
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-extra

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #90718e200d440b96 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:24
      await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf646cb7cb609769 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:32
    await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #771b2daafa74a8fe Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:60
  fs.writeFileSync(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa0acb8804596b2 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:16
  return fs.writeFile(file, data, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0fb8ba516e32571 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:25
  fs.writeFileSync(file, ...args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jsdoc

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #8ce629fb67ed94d8 Filesystem access.
pkgs/npm/[email protected]/cli.js:33
        const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8565ebef1c596fba Filesystem access.
pkgs/npm/[email protected]/cli.js:37
        const info = JSON.parse( stripBom.strip(fs.readFileSync(path.join(env.dirname, 'package.json'),
            'utf8')) );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57e93f21ae90dee5 Filesystem access.
pkgs/npm/[email protected]/cli.js:95
                    config = fs.readFileSync(confPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc48b49376d253e9 Filesystem access.
pkgs/npm/[email protected]/cli.js:248
            return stripJsonComments( fs.readFileSync(filepath, 'utf8') );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd01089e7b46b385 Filesystem access.
pkgs/npm/[email protected]/jsdoc.js:5
    const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a5470587255a87c Filesystem access.
pkgs/npm/[email protected]/lib/jsdoc/fs.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c162d47cf8845ec5 Filesystem access.
pkgs/npm/[email protected]/lib/jsdoc/path.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4159264e94bf7b47 Filesystem access.
pkgs/npm/[email protected]/lib/jsdoc/readme.js:17
        const content = fs.readFileSync(path, env.opts.encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96dee4fca63bcdd4 Filesystem access.
pkgs/npm/[email protected]/lib/jsdoc/src/parser.js:194
                    sourceCode = fs.readFileSync(filename, encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a320523ea9970a1b Filesystem access.
pkgs/npm/[email protected]/lib/jsdoc/template.js:34
        return _.template(fs.readFileSync(file, 'utf8'), null, this.settings);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #957c5432d0a8a1d1 Filesystem access.
pkgs/npm/[email protected]/lib/jsdoc/tutorial/resolver.js:111
            content = fs.readFileSync(file, env.opts.encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bff10f26f921486 Filesystem access.
pkgs/npm/[email protected]/plugins/partial.js:25
            const partialData = fs.readFileSync(fullPath, env.opts.encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92ef02b31c1c9642 Filesystem access.
pkgs/npm/[email protected]/templates/default/publish.js:237
    fs.writeFileSync(outpath, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20290d3289ac8632 Filesystem access.
pkgs/npm/[email protected]/templates/default/publish.js:251
                code: helper.htmlsafe( fs.readFileSync(sourceFiles[file].resolved, encoding) )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93dd45e36b8c51d9 Filesystem access.
pkgs/npm/[email protected]/templates/default/publish.js:680
        fs.writeFileSync(tutorialPath, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma

npm dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #520314a0181297e1 Environment-variable access.
pkgs/npm/[email protected]/lib/completion.js:88
      count: parseInt(process.env.COMP_CWORD, 10),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c5b75c0a11df11c Filesystem access.
pkgs/npm/[email protected]/lib/completion.js:98
  fs.readFile(path.resolve(__dirname, '../scripts/karma-completion.sh'), 'utf8', function (err, data) {
    if (err) return console.error(err)

    process.stdout.write(data)
    process.stdout.on('error', function (error) {
      // Darwin is a real dick sometimes.
      //
      // This is necessary because the "source" or "." program in
      // bash on OS X closes its file argument before reading
      // from it, meaning that you get exactly 1 write, which will
      // work most of the time, and will always raise an EPIPE.
      //
      // Really, one should not be tossing away EPIPE errors, or any
      // errors, so casually.  But, without this, `. <(karma completion)`
      // can never ever work on OS X.
      if (error.errno === 'EPIPE') {
        error = null
      }
    })
  })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c508496d7aec8fcc Filesystem access.
pkgs/npm/[email protected]/lib/constants.js:6
const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '/../package.json')).toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe6b3182e265cd6 Environment-variable access.
pkgs/npm/[email protected]/lib/constants.js:10
exports.DEFAULT_PORT = process.env.PORT || 9876

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e7c25ab0cf89686 Environment-variable access.
pkgs/npm/[email protected]/lib/constants.js:11
exports.DEFAULT_HOSTNAME = process.env.IP || 'localhost'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db98b98d0a141a7d Environment-variable access.
pkgs/npm/[email protected]/lib/constants.js:12
exports.DEFAULT_LISTEN_ADDR = process.env.LISTEN_ADDR || '0.0.0.0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #309cc96c6c56fe5e Filesystem access.
pkgs/npm/[email protected]/lib/detached.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25c7a13b75586776 Filesystem access.
pkgs/npm/[email protected]/lib/detached.js:7
const fileContents = fs.readFileSync(configurationFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #937b3e82ea6641f8 Filesystem access.
pkgs/npm/[email protected]/lib/init/formatters.js:48
    return FileUtils
      .readFile(this.TEMPLATE_FILE_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7116012dc411748a Filesystem access.
pkgs/npm/[email protected]/lib/middleware/common.js:66
    return fs.readFile(filepath, function (error, data) {
      if (error) {
        return serve404(response, filepath)
      }

      if (!doNotCache) {
        cache[filepath] = data.toString()
      }

      log.debug('serving: ' + filepath)
      response.setHeader('Content-Type', mime.getType(filepath, 'text/plain'))
      responseData = (transform && transform(data.toString())) || data
      response.writeHead(rangeHeader ? convertForRangeRequest() : 200)

      return response.end(responseData)
    })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fde7fc04b69aa2e5 Filesystem access.
pkgs/npm/[email protected]/lib/server.js:8
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1340963cd74f9edc Filesystem access.
pkgs/npm/[email protected]/lib/server.js:417
      fs.writeFileSync(tmpFile.name, JSON.stringify(config), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c04c8365315e13b Filesystem access.
pkgs/npm/[email protected]/lib/utils/file-utils.js:7
    return fs.readFileSync(path).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #255b07f778272b66 Filesystem access.
pkgs/npm/[email protected]/lib/utils/file-utils.js:11
    fs.writeFileSync(path, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd94a2cfca939cc4 Filesystem access.
pkgs/npm/[email protected]/lib/utils/file-utils.js:15
    FileUtils.saveFile(dest, FileUtils.readFile(src))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #001227793af9f39c Filesystem access.
pkgs/npm/[email protected]/scripts/client.js:3
const { createWriteStream } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ead02f6ecb9ccf07 Filesystem access.
pkgs/npm/[email protected]/scripts/client.js:4
const { readFile } = require('fs').promises

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma-browserify

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #fd1487da0837332f Filesystem access.
pkgs/npm/[email protected]/lib/bro.js:20
var path = require('path'),
    fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb2787ffe1e5aa8 Filesystem access.
pkgs/npm/[email protected]/lib/bro.js:21
    fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #305bfe5b53af8aed Filesystem access.
pkgs/npm/[email protected]/lib/bundle-file.js:3
var fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a2c5ab87b7cc11 Filesystem access.
pkgs/npm/[email protected]/lib/bundle-file.js:23
    fs.writeFileSync(location, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma-firefox-launcher

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #e16c3588ea11a49b Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #825113288daad3ef Environment-variable access.
pkgs/npm/[email protected]/index.js:65
  const paden = process.env.Path.split(';')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec02aae5a289432 Environment-variable access.
pkgs/npm/[email protected]/index.js:76
  const prefixes = [process.env.PROGRAMFILES, process.env['PROGRAMFILES(X86)']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc7a153368ce3b2 Environment-variable access.
pkgs/npm/[email protected]/index.js:121
  for (const pathElem of process.env.PATH.split(':')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #800b3d36c380c9a2 Environment-variable access.
pkgs/npm/[email protected]/index.js:182
      homeBin = path.join(process.env.HOME, bin)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdbc53ef7a4c43c1 Filesystem access.
pkgs/npm/[email protected]/index.js:244
        const extBuffer = fs.readFileSync(ext)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5955df9f074e31f9 Filesystem access.
pkgs/npm/[email protected]/index.js:246
        fs.writeFileSync(copyDestination, extBuffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59aad13dc1f00f29 Filesystem access.
pkgs/npm/[email protected]/index.js:250
    fs.writeFileSync(path.join(profilePath, 'prefs.js'), this._getPrefs(args.prefs))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e48e0cb87d49fdf1 Environment-variable access.
pkgs/npm/[email protected]/index.js:266
    process.env.MOZ_DEBUG_BROWSER_PAUSE = 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma-mocha

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #414a7aca3f1c7eb6 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:45
  var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0b48081e1c7e025 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:50
  return extend(normalizeOpts(minimist(fs.readFileSync(optsPath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

karma-safari-launcher

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #897998693117eaab Filesystem access.
pkgs/npm/[email protected]/index.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5459e7c626554c06 Filesystem access.
pkgs/npm/[email protected]/index.js:12
    fs.readFile(HTML_TPL, function(err, data) {
      var content = data.toString().replace('%URL%', url);
      var staticHtmlPath = self._tempDir + '/redirect.html';

      fs.writeFile(staticHtmlPath, content, function(err) {
        self._execCommand(self._getCommand(), [staticHtmlPath]);
      });
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c54a432c1f16f58 Filesystem access.
pkgs/npm/[email protected]/index.js:16
      fs.writeFile(staticHtmlPath, content, function(err) {
        self._execCommand(self._getCommand(), [staticHtmlPath]);
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc063747a5b48f5 Environment-variable access.
pkgs/npm/[email protected]/index.js:28
    win32: process.env['ProgramFiles(x86)'] + '\\Safari\\Safari.exe'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #ef7118b15b8f6ed9 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:39
    require("js-yaml").load(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d792f3d377c67f0b Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:55
      require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c31c2db017600efb Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:27
  const css = fs.readFileSync(path.join(srcdir, "mocha.css"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6101103b31325b Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:28
  const js = fs.readFileSync(path.join(srcdir, "mocha.js"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195ec3759b8497b9 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:29
  const tmpl = fs.readFileSync(
    path.join(srcdir, "lib", "browser", "template.html"),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4122643ead94979d Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:32
  fs.writeFileSync(path.join(destdir, "mocha.css"), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #094ebe44b94c3e2f Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:33
  fs.writeFileSync(path.join(destdir, "mocha.js"), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dda3e5bda8a321a6 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:34
  fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cd8bdb54267636e Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:35
  fs.writeFileSync(path.join(destdir, "index.html"), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe70c5d0c2945742 Filesystem access.
pkgs/npm/[email protected]/lib/cli/options.js:240
      configData = fs.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddb1d25f6820317f Environment-variable access.
pkgs/npm/[email protected]/lib/cli/options.js:302
  const envConfig = parse(process.env.MOCHA_OPTIONS || "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2910a7bcd6808fa Environment-variable access.
pkgs/npm/[email protected]/lib/reporters/base.js:58
  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af8948d5a44a6793 Filesystem access.
pkgs/npm/[email protected]/lib/reporters/json.js:90
        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d53af2a6e55bdee6 Environment-variable access.
pkgs/npm/[email protected]/mocha.js:13123
  		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e69a327a282bea8e Environment-variable access.
pkgs/npm/[email protected]/mocha.js:16339
    (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3675d496d2db05a3 Filesystem access.
pkgs/npm/[email protected]/mocha.js:17472
          fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

native-promise-only

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #0c5d6f280933b12c Filesystem access.
pkgs/npm/[email protected]/build.js:3
var fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8c5e41c758fd85c Filesystem access.
pkgs/npm/[email protected]/build.js:23
	fs.writeFileSync(
		path.join(__dirname,"npo.js"),
		result.code + "\n",
		{ encoding: "utf8" }
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nyc

npm dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #91f6bb39fedaed32 Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf7f6fe3125967e Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:53
    env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #623cb70b47790917 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cf065b47e32162c Filesystem access.
pkgs/npm/[email protected]/index.js:190
        const source = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09937d40f4438c8b Filesystem access.
pkgs/npm/[email protected]/index.js:218
      const inCode = await fs.readFile(inFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a36cd8d3528863 Filesystem access.
pkgs/npm/[email protected]/index.js:226
        await fs.writeFile(outFile, outCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7e91149125dd50 Environment-variable access.
pkgs/npm/[email protected]/index.js:353
    if (!process.env.NYC_CWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #301f3a5d74bed55c Environment-variable access.
pkgs/npm/[email protected]/index.js:375
    process.env.NYC_PROCESS_ID = this.processInfo.uuid

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #200654b6dd28d16d Filesystem access.
pkgs/npm/[email protected]/index.js:409
    fs.writeFileSync(
      coverageFilename,
      JSON.stringify(coverage),
      'utf-8'
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2a4236ad2327c16 Filesystem access.
pkgs/npm/[email protected]/index.js:514
      const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ca48c6af6758f87 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/check-coverage.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #219f37d56a679ad2 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/merge.js:33
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c047e59069a79a70 Filesystem access.
pkgs/npm/[email protected]/lib/commands/merge.js:44
  await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79095284736aa7b8 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce895aec1d87d1da Environment-variable access.
pkgs/npm/[email protected]/lib/config-util.js:12
  cwd = cwd || process.env.NYC_CWD || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cdfa5a8eb429932 Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7282d8caff736ea7 Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:21
    envToCopy[env] = process.env[env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #006539298fff1e46 Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:26
  envToCopy[envName] = process.env[envName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e741617179941a56 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:43
      fs.writeFileSync(mapPath, JSON.stringify(sourceMap))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bd246410693669a Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:68
            this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb0699b52d666946 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:6
  process.env.NYC_CONFIG ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d63f588b5160e1c1 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:15
  parent: process.env.NYC_PROCESS_ID || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9683427472166fe3 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:18
if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a79259955310757a Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:19
  config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38e69ecbc13cd6b6 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:20
  delete process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5efc9f6903fff56a Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:23
if (process.env.NYC_CONFIG_OVERRIDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be9062f8c69e1d7f Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:24
  Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #916a4d2033b673f1 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:25
  process.env.NYC_CONFIG = JSON.stringify(config)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

rollup-plugin-node-resolve

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #ad8486c15a11a765 Filesystem access.
pkgs/npm/[email protected]/src/index.js:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1603776b7f432b21 Filesystem access.
pkgs/npm/[email protected]/src/index.js:18
const readFileAsync = file => new Promise((fulfil, reject) => fs.readFile(file, (err, contents) => err ? reject(err) : fulfil(contents)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f0fd4f95f5371744 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:6
  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4608c455d5905a67 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:7
  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yargs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #02c8c82e16d857f9 Environment-variable access.
pkgs/npm/[email protected]/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

  • rollup dev — dist-only: no readable source
  • rollup-plugin-npm dev — no javascript source