Close Open Privacy Scan

bolt Snapshot: commit 7c65045
science engine v1
schedule 2026-06-26T15:11:12.382038+00:00

verified_user Possible application data leak

Potential data exfiltration identified in application code.

App Privacy Score

42 /100
High privacy risk — possible application leak

High risk · 489 finding(s)

Dependency score: 12 (High risk)

bar_chart Score Breakdown

pii_flow −45
telemetry −10
env_fs −3

list Scan Summary

2 high 13 medium 474 low
First-party packages: 1
Dependency packages: 37
Ecosystem: npm

swap_horiz Potential data exfiltration in application code

External domains: studio.apollographql.com

medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/scripts/wait-for-rabbitmq.js:5 repo/scripts/wait-for-rabbitmq.js:30
medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/scripts/wait-for-rabbitmq.js:5 repo/scripts/wait-for-rabbitmq.js:34
medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/scripts/wait-for-rabbitmq.js:5 repo/scripts/wait-for-rabbitmq.js:39
hub Dependency data flows (7)
high nats tooling User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/examples/nats-req.js:40 pkgs/npm/[email protected]/examples/nats-req.js:79
high coveralls dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
medium @apollo/server dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:132 pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:184
medium @fastify/static dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:8 pkgs/npm/@[email protected]/example/server-benchmark.js:33
medium @fastify/static dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:8 pkgs/npm/@[email protected]/example/server-benchmark.js:36
medium @fastify/static dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:8 pkgs/npm/@[email protected]/example/server-benchmark.js:37
medium @fastify/static dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:8 pkgs/npm/@[email protected]/example/server-benchmark.js:38

</> First-Party Code

first-party (npm)

npm first-party
medium pii_flow production #d1544dc93b646318 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/scripts/wait-for-rabbitmq.js:30 · flow /tmp/closeopen-xzcxtzs9/repo/scripts/wait-for-rabbitmq.js:5 → /tmp/closeopen-xzcxtzs9/repo/scripts/wait-for-rabbitmq.js:30
      console.log(`[rabbitmq] Ready at ${url}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #243215a53bcfc5fb PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/scripts/wait-for-rabbitmq.js:34 · flow /tmp/closeopen-xzcxtzs9/repo/scripts/wait-for-rabbitmq.js:5 → /tmp/closeopen-xzcxtzs9/repo/scripts/wait-for-rabbitmq.js:34
      console.log(`[rabbitmq] Waiting for ${url}...`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #3f4758068a99e304 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/scripts/wait-for-rabbitmq.js:39 · flow /tmp/closeopen-xzcxtzs9/repo/scripts/wait-for-rabbitmq.js:5 → /tmp/closeopen-xzcxtzs9/repo/scripts/wait-for-rabbitmq.js:39
  console.error(
    `[rabbitmq] Timed out waiting for ${url} after ${timeoutMs}ms.`,
  );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #f059e5d076fa6173 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/tools/benchmarks/src/autocannon/run.ts:30
      autocannon.track(instance);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 36 low-confidence finding(s)
low env_fs production #085b7b6a2eece956 Filesystem access.
repo/integration/inspector/e2e/graph-inspector.spec.ts:7
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73cfb20466bdc3f2 Filesystem access.
repo/integration/inspector/e2e/graph-inspector.spec.ts:34
    const snapshot = readFileSync(
      join(__dirname, 'fixtures', 'pre-init-graph.json'),
      'utf-8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ffe8d5f8dc945a7 Filesystem access.
repo/integration/inspector/e2e/graph-inspector.spec.ts:62
    const snapshot = readFileSync(
      join(__dirname, 'fixtures', 'post-init-graph.json'),
      'utf-8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d5c40cf874e1d83 Filesystem access.
repo/integration/microservices/e2e/sum-rpc-tls.spec.ts:5
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd4d898b0119a1c2 Filesystem access.
repo/integration/microservices/e2e/sum-rpc-tls.spec.ts:19
    key = fs
      .readFileSync(path.join(__dirname, '../src/tcp-tls/privkey.pem'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ab58d4fa9840aed Filesystem access.
repo/integration/microservices/e2e/sum-rpc-tls.spec.ts:22
    cert = fs
      .readFileSync(path.join(__dirname, '../src/tcp-tls/ca.cert.pem'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f89bf59b62fc5cdc Filesystem access.
repo/integration/microservices/src/tcp-tls/app.controller.ts:19
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45a39b1f142c11d6 Filesystem access.
repo/integration/microservices/src/tcp-tls/app.controller.ts:36
          fs
            .readFileSync(path.join(__dirname, 'ca.cert.pem'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14b85ddfff14b21a Filesystem access.
repo/integration/microservices/src/tcp-tls/app.module.ts:12
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3271c79145d0df4 Filesystem access.
repo/integration/microservices/src/tcp-tls/app.module.ts:15
const caCert = fs.readFileSync(path.join(__dirname, 'ca.cert.pem')).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5d492d76af62d34 Filesystem access.
repo/integration/send-files/e2e/express.spec.ts:7
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #191cea387738de17 Filesystem access.
repo/integration/send-files/e2e/express.spec.ts:17
const readme = readFileSync(join(process.cwd(), 'Readme.md'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d9f369f1f1e3415 Filesystem access.
repo/integration/send-files/e2e/fastify.spec.ts:7
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6aa785d0d1f966c4 Filesystem access.
repo/integration/send-files/e2e/fastify.spec.ts:11
const readme = readFileSync(join(process.cwd(), 'Readme.md'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efc343c17922ef70 Filesystem access.
repo/integration/send-files/src/app.service.ts:3
import { createReadStream, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4db648cc6c74b6ab Filesystem access.
repo/integration/send-files/src/app.service.ts:21
    return new StreamableFile(readFileSync(join(process.cwd(), 'Readme.md')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #040267806fe4a7b2 Filesystem access.
repo/integration/send-files/src/app.service.ts:33
    const file = readFileSync(join(process.cwd(), 'Readme.md'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c39cd11bc42d76a5 Environment-variable access.
repo/packages/common/utils/cli-colors.util.ts:3
export const isColorAllowed = () => !process.env.NO_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c956de009eaccd89 Environment-variable access.
repo/packages/core/injector/injector.ts:1288
    return !!process.env.NEST_DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc6390fb846a5840 Environment-variable access.
repo/packages/core/injector/instance-wrapper.ts:566
    return !!process.env.NEST_DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f95469afa3ee359d Filesystem access.
repo/packages/platform-fastify/interfaces/external/fastify-static-options.interface.ts:7
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c490299c47516a43 Filesystem access.
repo/sample/25-dynamic-modules/src/config/config.service.ts:3
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #223fd26b7fa8529a Environment-variable access.
repo/sample/25-dynamic-modules/src/config/config.service.ts:13
    const filePath = `${process.env.NODE_ENV || 'development'}.env`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ff43d1122081598 Filesystem access.
repo/sample/25-dynamic-modules/src/config/config.service.ts:15
    this.envConfig = dotenv.parse(fs.readFileSync(envFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccfdf0a7495b1bbf Environment-variable access.
repo/sample/26-queues/src/app.module.ts:10
        host: process.env.REDIS_HOST || 'localhost',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62c3e38b9a6f65e2 Environment-variable access.
repo/sample/26-queues/src/app.module.ts:11
        port: parseInt(process.env.REDIS_PORT || '6379'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39886b4eea047c1 Filesystem access.
repo/sample/28-sse/src/app.controller.ts:3
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f500dac21777f98c Filesystem access.
repo/sample/28-sse/src/app.controller.ts:14
      .send(readFileSync(join(__dirname, 'index.html')).toString());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6144a4a541d205fb Filesystem access.
repo/sample/29-file-upload/e2e/app/app.e2e-spec.ts:3
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b159da193e8380e Filesystem access.
repo/sample/29-file-upload/e2e/app/app.e2e-spec.ts:28
        file: readFileSync('./package.json').toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078fb5288e7a06c5 Filesystem access.
repo/sample/29-file-upload/e2e/app/app.e2e-spec.ts:42
        file: readFileSync('./resources/nestjs.jpg').toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87bb5025fe1dd3b6 Environment-variable access.
repo/sample/36-hmr-esm/src/main.ts:11
  await app.listen(process.env.PORT ?? 3000);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc630a2ccc337516 Environment-variable access.
repo/scripts/wait-for-rabbitmq.js:5
const url = process.env.RABBITMQ_URL || 'amqp://localhost:5672';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8e873bb880f1471 Environment-variable access.
repo/scripts/wait-for-rabbitmq.js:12
  process.env.RABBITMQ_WAIT_TIMEOUT_MS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22015b0ab562f3e8 Environment-variable access.
repo/scripts/wait-for-rabbitmq.js:16
  process.env.RABBITMQ_WAIT_INTERVAL_MS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d73957a826f6df0 Filesystem access.
repo/tools/gulp/util/task-helpers.ts:1
import { readdirSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

coveralls

npm dependency
high pii_flow dependency Excluded from app score #bedda96f6f5021c7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:19 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 → /tmp/closeopen-xzcxtzs9/pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
    request.post({
      url,
      form: {
        json: str
      }
    }, (err, response, body) => {
      cb(err, response, body);
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 114 low-confidence finding(s)
low env_fs dependency Excluded from app score #c1f868def82dffad Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1f868def82dffad Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f26ca30426755e6f Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:33
  const source = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5585d3572823fdef Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5585d3572823fdef Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9042b3f5c27374f Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:26
  const head = fs.readFileSync(path.join(dir, '.git', 'HEAD'), 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d5e3416dd01dd82 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:43
    return fs.readFileSync(ref, 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ff7f1a883d5211e Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:49
  const packedRefsText = fs.readFileSync(packedRefs, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7db299d1e97150ab Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7db299d1e97150ab Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d34f0d9114b0fe50 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:13
  let git_commit = process.env.COVERALLS_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #674e63f783a1399f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:14
  let git_branch = process.env.COVERALLS_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b058152b85f78a9 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:19
  const match = (process.env.CI_PULL_REQUEST || '').match(/(\d+)$/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #288e5e81e781d3dd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:25
  if (process.env.TRAVIS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a7e79906ab73b66 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:27
    options.service_number = process.env.TRAVIS_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7842a272b6f0686a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:28
    options.service_job_id = process.env.TRAVIS_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d623c588a145d487 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:29
    options.service_pull_request = process.env.TRAVIS_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d60e65873a3230 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:31
    git_branch = process.env.TRAVIS_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f05ebaa65c74192 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:34
  if (process.env.DRONE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061eb4ffd48dc7e0 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:36
    options.service_job_id = process.env.DRONE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a03e01e2737d5b2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:37
    options.service_pull_request = process.env.DRONE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be9f0cf472b33f8b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:38
    git_committer_name = process.env.DRONE_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf9955959312af35 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:39
    git_committer_email = process.env.DRONE_COMMIT_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcc20e5ae1b24df6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:40
    git_commit = process.env.DRONE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7937faeb3e78e58 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:41
    git_branch = process.env.DRONE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcaa3a23641fc3ff Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:42
    git_message = process.env.DRONE_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e577651a657f50d4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:45
  if (process.env.JENKINS_URL || process.env.JENKINS_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e577651a657f50d4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:45
  if (process.env.JENKINS_URL || process.env.JENKINS_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45dfc35169d882f2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:47
    options.service_job_id = process.env.BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d85f46cc7709c14 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:48
    options.service_pull_request = process.env.CHANGE_ID || process.env.ghprbPullId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d85f46cc7709c14 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:48
    options.service_pull_request = process.env.CHANGE_ID || process.env.ghprbPullId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8dfaa9afac9ce3f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:49
    git_committer_name = process.env.CHANGE_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca074525cbed7968 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:50
    git_committer_email = process.env.CHANGE_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37da1b2602dbb1b4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:51
    git_commit = process.env.GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee123f919498f43c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee123f919498f43c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee123f919498f43c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3bfc648d7ec10c4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:55
  if (process.env.CIRCLECI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e322a302cd2c7b3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:57
    options.service_number = process.env.CIRCLE_WORKFLOW_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb5838765e5077b5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:58
    options.service_job_number = process.env.CIRCLE_BUILD_NUM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32714014bb66f09d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:60
    if (process.env.CI_PULL_REQUEST) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60a9262203f9c796 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:61
      const pr = process.env.CI_PULL_REQUEST.split('/pull/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a92036c1d1415bbb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:65
    git_commit = process.env.CIRCLE_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe881258a584a720 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:66
    git_branch = process.env.CIRCLE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #699dbfd9eadbcd46 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:69
  if (process.env.CI_NAME && process.env.CI_NAME === 'codeship') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #699dbfd9eadbcd46 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:69
  if (process.env.CI_NAME && process.env.CI_NAME === 'codeship') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f35e5c25a7a857f5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:71
    options.service_job_id = process.env.CI_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0da221ed5be2be0f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:72
    git_commit = process.env.CI_COMMIT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896476b1e235106a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:73
    git_branch = process.env.CI_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c83f6bd75a17cca Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:74
    git_committer_name = process.env.CI_COMMITTER_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f8a1c3b226887b8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:75
    git_committer_email = process.env.CI_COMMITTER_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cad3fbc1977309aa Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:76
    git_message = process.env.CI_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec38057726f9cf3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:79
  if (process.env.WERCKER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64622a233e57096a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:81
    options.service_job_id = process.env.WERCKER_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6867610ed8f3cd56 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:82
    git_commit = process.env.WERCKER_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a9f8c1960d45130 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:83
    git_branch = process.env.WERCKER_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d0928218ddd53e5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:86
  if (process.env.GITLAB_CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6242be9bbf14342 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:88
    options.service_job_number = process.env.CI_BUILD_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4260b2e0f9039732 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:89
    options.service_job_id = process.env.CI_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #026b228fd5d94cd3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:90
    options.service_pull_request = process.env.CI_MERGE_REQUEST_IID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b05c26e26d66aab9 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:91
    git_commit = process.env.CI_BUILD_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #623526403ecdadef Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:92
    git_branch = process.env.CI_BUILD_REF_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da86b00559ae346a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:95
  if (process.env.APPVEYOR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfdef43fc2079e00 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:97
    options.service_job_number = process.env.APPVEYOR_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c89bb4743a1722ad Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:98
    options.service_job_id = process.env.APPVEYOR_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da7655d6992a453e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:99
    git_commit = process.env.APPVEYOR_REPO_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4e8abbe4b51fb66 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:100
    git_branch = process.env.APPVEYOR_REPO_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0ccf3e1db35497b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:103
  if (process.env.SURF_SHA1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37451a062be22a5a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:105
    git_commit = process.env.SURF_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8db56813ffdd90a5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:106
    git_branch = process.env.SURF_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e4d3321f9281523 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:109
  if (process.env.BUILDKITE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7999e40fa80b8a31 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:111
    options.service_job_number = process.env.BUILDKITE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b01ee327e3ac9e9c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:112
    options.service_job_id = process.env.BUILDKITE_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd7d29a4f5b553d5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:113
    options.service_pull_request = process.env.BUILDKITE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffc5fce29fc0b692 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:114
    git_commit = process.env.BUILDKITE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7bfa0ecac1c0e74 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:115
    git_branch = process.env.BUILDKITE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18e762bce2e74015 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:116
    git_committer_name = process.env.BUILDKITE_BUILD_CREATOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130576f76d59eb77 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:117
    git_committer_email = process.env.BUILDKITE_BUILD_CREATOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2bf7cda493aab0d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:118
    git_message = process.env.BUILDKITE_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2810001e97e1271c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:121
  if (process.env.SEMAPHORE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14c840052df03aca Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:123
    options.service_job_id = process.env.SEMAPHORE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59236be1be89d7f3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:124
    git_commit = process.env.REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d8542099f69c5c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:125
    git_branch = process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82f5635657a2b7c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:128
  if (process.env.TF_BUILD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81145262e967dbdb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:130
    options.service_job_id = process.env.BUILD_BUILDID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bc48ec4f806aba2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:131
    options.service_pull_request = process.env.SYSTEM_PULLREQUEST_PULLREQUESTNUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee1e06aa35868657 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:132
    git_commit = process.env.BUILD_SOURCEVERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9b5e73c7c71a0fc Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:133
    git_branch = process.env.BUILD_SOURCEBRANCHNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb955ac39df8723e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:136
  if (process.env.CF_BRANCH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d31b98194bb4da9 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:138
    options.service_job_id = process.env.CF_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e68b916bc81e9923 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:139
    options.service_pull_request = process.env.CF_PULL_REQUEST_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce20900023b59e67 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:140
    git_commit = process.env.CF_REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f66e513c74fe7933 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:141
    git_branch = process.env.CF_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37479b842dd8fcbd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:142
    git_committer_name = process.env.CF_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #765db54c9b8c94e8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:143
    git_message = process.env.CF_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f6a13dfcdfdaea6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:146
  options.run_at = process.env.COVERALLS_RUN_AT || JSON.stringify(new Date()).slice(1, -1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c568d40e5c80dd54 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:148
  if (process.env.COVERALLS_SERVICE_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba5f26ad2013bd6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:149
    options.service_number = process.env.COVERALLS_SERVICE_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8d07668883077ec Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:152
  if (process.env.COVERALLS_SERVICE_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b38ef1f35a2331b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:153
    options.service_job_number = process.env.COVERALLS_SERVICE_JOB_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbf1922ada56dd5e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:156
  if (process.env.COVERALLS_SERVICE_JOB_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe2a4fb8884586f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:157
    options.service_job_id = process.env.COVERALLS_SERVICE_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60f7766a1c41e8df Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:168
  if (process.env.COVERALLS_PARALLEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e275e5d8779c18c9 Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:177
        return yaml.safeLoad(fs.readFileSync(yml, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53e667fbcf67da2b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:196
  if (process.env.COVERALLS_REPO_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86dfc91dceab75e2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:197
    options.repo_token = process.env.COVERALLS_REPO_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d8a56932733f29 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:206
  if (process.env.COVERALLS_SERVICE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7baa7646ecbe9100 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:207
    options.service_name = process.env.COVERALLS_SERVICE_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #420cb24fe2a1cdcd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:210
  if (process.env.COVERALLS_FLAG_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b960a97f0cfd8307 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:211
    options.flag_name = process.env.COVERALLS_FLAG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ff9b2f845f9ad71 Environment-variable access.
pkgs/npm/[email protected]/lib/logger.js:9
  if (index.options.verbose || process.env.NODE_COVERALLS_DEBUG === 1 || process.env.NODE_COVERALLS_DEBUG === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ff9b2f845f9ad71 Environment-variable access.
pkgs/npm/[email protected]/lib/logger.js:9
  if (index.options.verbose || process.env.NODE_COVERALLS_DEBUG === 1 || process.env.NODE_COVERALLS_DEBUG === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84d3308bf522fe70 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:8
  if (process.env.COVERALLS_ENDPOINT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e37acb68b2358f5 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9
    urlBase = process.env.COVERALLS_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nats

npm dependency
high pii_flow tooling Excluded from app score unknown #505fc25660e7c002 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/examples/nats-req.js:79 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/[email protected]/examples/nats-req.js:40 → /tmp/closeopen-xzcxtzs9/pkgs/npm/[email protected]/examples/nats-req.js:79
    await nc.request(
      subject,
      sc.encode(payload),
      { timeout: argv.t, headers: hdrs },
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #b98edc280d482db1 Filesystem access.
pkgs/npm/[email protected]/examples/nats-pub.js:6
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b98edc280d482db1 Filesystem access.
pkgs/npm/[email protected]/examples/nats-pub.js:6
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #388fcd330f978357 Filesystem access.
pkgs/npm/[email protected]/examples/nats-pub.js:38
  const data = fs.readFileSync(argv.creds);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e8ee68abef5bfaaf Filesystem access.
pkgs/npm/[email protected]/examples/nats-rep.js:5
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e8ee68abef5bfaaf Filesystem access.
pkgs/npm/[email protected]/examples/nats-rep.js:5
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #39b24ea0e81bc26c Filesystem access.
pkgs/npm/[email protected]/examples/nats-rep.js:34
  const data = fs.readFileSync(argv.creds);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dd0f0c8bdf3067eb Filesystem access.
pkgs/npm/[email protected]/examples/nats-req.js:6
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dd0f0c8bdf3067eb Filesystem access.
pkgs/npm/[email protected]/examples/nats-req.js:6
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f1dd731f248fe950 Filesystem access.
pkgs/npm/[email protected]/examples/nats-req.js:40
  const data = fs.readFileSync(argv.creds);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #87c8372ea8b9b20d Filesystem access.
pkgs/npm/[email protected]/examples/nats-sub.js:5
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #87c8372ea8b9b20d Filesystem access.
pkgs/npm/[email protected]/examples/nats-sub.js:5
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #feb41350c034fab1 Filesystem access.
pkgs/npm/[email protected]/examples/nats-sub.js:32
  const data = fs.readFileSync(argv.creds);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc75de6b799597f0 Filesystem access.
pkgs/npm/[email protected]/lib/src/node_transport.js:46
const { readFile, existsSync } = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc75de6b799597f0 Filesystem access.
pkgs/npm/[email protected]/lib/src/node_transport.js:46
const { readFile, existsSync } = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c0e8bf6cd5dbf80 Filesystem access.
pkgs/npm/[email protected]/lib/src/node_transport.js:174
            readFile(fn, (err, data) => {
                if (err) {
                    return d.reject(err);
                }
                d.resolve(data);
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@fastify/static

npm dependency
medium pii_flow dependency Excluded from app score #2cdbae3d21cc176f PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:33 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:8 → /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:33
  console.log(`benchmark server listening on http://127.0.0.1:${port}`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #b2aabe49955e1407 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:36 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:8 → /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:36
  console.log(`  npx autocannon -c 100 -d 10 http://127.0.0.1:${port}/static/index.css`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #3c8d347efc4df3c0 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:37 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:8 → /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:37
  console.log(`  npx autocannon -c 100 -d 10 http://127.0.0.1:${port}/app/1.2.3/index.css`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #2de4080c906c1ca0 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/example/server-benchmark.js:38 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:8 → /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/example/server-benchmark.js:38
  console.log(`  npx autocannon -c 100 -d 10 http://127.0.0.1:${port}/nested/public/index.css`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #401676506d733a9a Environment-variable access.
pkgs/npm/@[email protected]/example/server-benchmark.js:5
const fastifyStatic = require(process.env.PLUGIN_PATH || '../')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c2a4accbef463ca Environment-variable access.
pkgs/npm/@[email protected]/example/server-benchmark.js:8
const port = Number(process.env.PORT || 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

graphql

npm dependency
medium telemetry dependency Excluded from app score #f2042187fa05ff3b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/npm/[email protected]/execution/execute.js:284
                        info.getAsyncHelpers().track(promisedIsTypeOfResults);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b78bc66f5539654f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/npm/[email protected]/execution/execute.js:293
            info.getAsyncHelpers().track(promisedIsTypeOfResults);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97307f627dfb6621 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/npm/[email protected]/execution/execute.mjs:268
                        info.getAsyncHelpers().track(promisedIsTypeOfResults);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #764e87f40ae2f99e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/npm/[email protected]/execution/execute.mjs:277
            info.getAsyncHelpers().track(promisedIsTypeOfResults);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

@apollo/server

npm dependency
medium pii_flow dependency Excluded from app score #ce3dd63f19621b78 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:184 · flow /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:132 → /tmp/closeopen-xzcxtzs9/pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:184
          logger.info(
            'Apollo schema reporting: reporting a new schema to Studio! See your graph at ' +
              `https://studio.apollographql.com/graph/${encodeURI(
                graphRef,
              )}/ with server info ${JSON.stringify(schemaReport)}`,
          );

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #adc4b3385eda8ed5 Environment-variable access.
pkgs/npm/@[email protected]/src/ApolloServer.ts:218
    const nodeEnv = config.nodeEnv ?? process.env.NODE_ENV ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c426e255af50e3e9 Environment-variable access.
pkgs/npm/@[email protected]/src/ApolloServer.ts:974
      const enabledViaEnvVar = process.env.APOLLO_SCHEMA_REPORTING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #633d2e447c77b732 Environment-variable access.
pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:132
        platform: process.env.APOLLO_SERVER_PLATFORM || 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b53b8ce4b07202ff Environment-variable access.
pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:136
        userVersion: process.env.APOLLO_SERVER_USER_VERSION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85874cd779ee5e7e Environment-variable access.
pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:139
          process.env.APOLLO_SERVER_ID || process.env.HOSTNAME || os.hostname(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85874cd779ee5e7e Environment-variable access.
pkgs/npm/@[email protected]/src/plugin/schemaReporting/index.ts:139
          process.env.APOLLO_SERVER_ID || process.env.HOSTNAME || os.hostname(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29bbfe083b1fff62 Environment-variable access.
pkgs/npm/@[email protected]/src/standalone/index.ts:76
        if (process.env.NODE_ENV !== 'test') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@commitlint/cli

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #4732ad7f67297d8c Environment-variable access.
pkgs/npm/@[email protected]/lib/cli.js:357
        return process.env[flags.env];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #465798a582330584 Environment-variable access.
pkgs/npm/@[email protected]/lib/cli.js:379
            return process.env.GIT_PARAMS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #099af6f6c4501208 Environment-variable access.
pkgs/npm/@[email protected]/lib/cli.js:382
            return process.env.HUSKY_GIT_PARAMS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@eslint/eslintrc

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #942c10d3cd777726 Filesystem access.
pkgs/npm/@[email protected]/lib/config-array-factory.js:154
    return fs.readFileSync(filePath, "utf8").replace(/^\ufeff/u, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@fastify/view

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #e25e8bbab3b8ac81 Environment-variable access.
pkgs/npm/@[email protected]/benchmark/express.js:3
process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a6d80c03962c7a6 Environment-variable access.
pkgs/npm/@[email protected]/benchmark/setup.js:3
process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daf8970cb70d3309 Environment-variable access.
pkgs/npm/@[email protected]/index.js:41
  const prod = typeof opts.production === 'boolean' ? opts.production : process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e89f54f60173a614 Filesystem access.
pkgs/npm/@[email protected]/index.js:52
      const promise = readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@grpc/grpc-js

npm dependency
expand_more 19 low-confidence finding(s)
low env_fs dependency Excluded from app score #d56f9fbe0daba4c7 Filesystem access.
pkgs/npm/@[email protected]/src/certificate-provider.ts:18
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f36d4207e702a5fe Environment-variable access.
pkgs/npm/@[email protected]/src/environment.ts:19
  (process.env.GRPC_NODE_USE_ALTERNATIVE_RESOLVER ?? 'false') === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09bde0a260bd290c Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:51
  if (process.env.grpc_proxy) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a118e4fb273cf42 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:53
    proxyEnv = process.env.grpc_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1548e721112e8358 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:54
  } else if (process.env.https_proxy) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #516d1f6d59e73db3 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:56
    proxyEnv = process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c28aed721787042b Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:57
  } else if (process.env.http_proxy) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b897871d3ee79a5a Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:59
    proxyEnv = process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #861d9d4801a4c5df Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:108
  let noProxyStr: string | undefined = process.env.no_grpc_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3352f4b20f4cfa4c Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:111
    noProxyStr = process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2634feabd6fb281 Environment-variable access.
pkgs/npm/@[email protected]/src/load-balancer-outlier-detection.ts:57
  (process.env.GRPC_EXPERIMENTAL_ENABLE_OUTLIER_DETECTION ?? 'true') === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ee8ba7a1c392e3 Environment-variable access.
pkgs/npm/@[email protected]/src/logging.ts:39
  process.env.GRPC_NODE_VERBOSITY ?? process.env.GRPC_VERBOSITY ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ee8ba7a1c392e3 Environment-variable access.
pkgs/npm/@[email protected]/src/logging.ts:39
  process.env.GRPC_NODE_VERBOSITY ?? process.env.GRPC_VERBOSITY ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d590eb9689b0b191 Environment-variable access.
pkgs/npm/@[email protected]/src/logging.ts:97
  process.env.GRPC_NODE_TRACE ?? process.env.GRPC_TRACE ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d590eb9689b0b191 Environment-variable access.
pkgs/npm/@[email protected]/src/logging.ts:97
  process.env.GRPC_NODE_TRACE ?? process.env.GRPC_TRACE ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c998f29ccb5a89a3 Filesystem access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:18
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b51c4f59626848 Environment-variable access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:21
  process.env.GRPC_SSL_CIPHER_SUITES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b54f757ea7495e57 Environment-variable access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:23
const DEFAULT_ROOTS_FILE_PATH = process.env.GRPC_DEFAULT_SSL_ROOTS_FILE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57b20b3d97743333 Filesystem access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:30
      defaultRootsData = fs.readFileSync(DEFAULT_ROOTS_FILE_PATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@types/gulp

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #e8626bfdc135a570 Filesystem access.
pkgs/npm/@[email protected]/index.d.ts:2
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

amqplib

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #650dab3b2b6f7564 Filesystem access.
pkgs/npm/[email protected]/examples/ssl.js:38
  cert: fs.readFileSync('../etc/client/cert.pem'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b7c191a37762c4f1 Filesystem access.
pkgs/npm/[email protected]/examples/ssl.js:39
  key: fs.readFileSync('../etc/client/key.pem'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #033842e0ed22f4c8 Filesystem access.
pkgs/npm/[email protected]/examples/ssl.js:43
  ca: [fs.readFileSync('../etc/testca/cacert.pem')],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chai

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #eadabe559aad796b Environment-variable access.
pkgs/npm/[email protected]/karma.conf.js:26
  switch (process.env.CHAI_TEST_ENV) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2d4a0b8100e74f3 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:11
    auth.SAUCE_USERNAME = process.env.SAUCE_USERNAME || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61080168b54df540 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:12
    auth.SAUCE_ACCESS_KEY = process.env.SAUCE_ACCESS_KEY || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a648ed8c5d04ce0 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:16
  if (process.env.SKIP_SAUCE) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #117276448eaccdc8 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:18
  var branch = process.env.TRAVIS_BRANCH || 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94cec4ec6ea48269 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:22
  var tunnel = process.env.TRAVIS_JOB_NUMBER || ts;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c1b22115e54699 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:24
  if (process.env.TRAVIS_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4146692c2701b842 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:25
    tags.push('travis@' + process.env.TRAVIS_JOB_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

delete-empty

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f05c51a478a63cc8 Filesystem access.
pkgs/npm/[email protected]/index.js:9
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f05c51a478a63cc8 Filesystem access.
pkgs/npm/[email protected]/index.js:9
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #95821902ac4ebaac Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c99c41676639d25 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:133
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #669c28fa2130b9a5 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a659b2c42435fd37 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fddd486317f32ef Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a55e3d30c00e3b58 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:802
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4788a17dc9c7e13a Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #717edc1b6e06de3c Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd999c64846ca126 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d982571d679ed9f Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6576fb242313493 Filesystem access.
pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff0ac87a7abeabdf Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:217
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f80b366b1c643bc7 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:240
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-config-prettier

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f75cbe220857e25f Environment-variable access.
pkgs/npm/[email protected]/bin/cli.js:45
      switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #361c176abe0c3009 Environment-variable access.
pkgs/npm/[email protected]/index.js:3
const includeDeprecated = !process.env.ESLINT_CONFIG_PRETTIER_NO_DEPRECATED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

express

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #e8fa1352fb52e13d Environment-variable access.
pkgs/npm/[email protected]/lib/application.js:91
  var env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fastify

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #4a3e6c060c066623 Filesystem access.
pkgs/npm/[email protected]/examples/http2.js:8
    key: fs.readFileSync(path.join(__dirname, '../test/https/fastify.key')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e8aebe058ebd6492 Filesystem access.
pkgs/npm/[email protected]/examples/http2.js:9
    cert: fs.readFileSync(path.join(__dirname, '../test/https/fastify.cert'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #21c61f717376f2d2 Filesystem access.
pkgs/npm/[email protected]/examples/https.js:7
    key: fs.readFileSync(path.join(__dirname, '../test/https/fastify.key')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c4155df66734972a Filesystem access.
pkgs/npm/[email protected]/examples/https.js:8
    cert: fs.readFileSync(path.join(__dirname, '../test/https/fastify.cert'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5ac16abf31b109dc Environment-variable access.
pkgs/npm/[email protected]/scripts/validate-ecosystem-links.js:23
  return process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #97b6ae6c4b919397 Filesystem access.
pkgs/npm/[email protected]/scripts/validate-ecosystem-links.js:99
  const content = fs.readFileSync(ECOSYSTEM_FILE, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gulp-clean

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #e4cbc7ffaf9b99f6 Filesystem access.
pkgs/npm/[email protected]/test.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cbc7ffaf9b99f6 Filesystem access.
pkgs/npm/[email protected]/test.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cacb393826a84c97 Filesystem access.
pkgs/npm/[email protected]/test.js:24
          fs.writeFile('tmp/tree/leaf/node/leaf.js', 'console.log("leaf")', function () {
            fs.mkdir('tmp/tree/leftleaf', function () {
              fs.writeFile('tmp/tree/leftleaf/leaf1.js', 'console.log("leaf")', function () {
                callback();
              });
            });
          });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86f4962d8a33415d Filesystem access.
pkgs/npm/[email protected]/test.js:26
              fs.writeFile('tmp/tree/leftleaf/leaf1.js', 'console.log("leaf")', function () {
                callback();
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27fa99f07b039248 Filesystem access.
pkgs/npm/[email protected]/test.js:39
    fs.writeFile('tmp/test.js', content, function () {
      stream.on('data', noop);
      stream.on('end', function () {
        fs.exists('tmp/test.js', function (exists) {
          expect(exists).to.be.false;
          done();
        });
      });

      stream.write(new utils.File({
        cwd: cwd,
        base: cwd + '/tmp/',
        path: cwd + '/tmp/test.js',
        contents: new Buffer(content)
      }));

      stream.end();
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gulp-sourcemaps

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #07cfa4ce8054d405 Filesystem access.
pkgs/npm/[email protected]/src/init/index.internals.js:65
              sourceContent = stripBom(fs.readFileSync(absPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #613e36491d909b60 Filesystem access.
pkgs/npm/[email protected]/src/init/index.internals.js:120
      sources.map = JSON.parse(stripBom(fs.readFileSync(mapFile, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81fd0b137c980069 Filesystem access.
pkgs/npm/[email protected]/src/write/index.internals.js:82
            sourceMap.sourcesContent[i] = stripBom(fs.readFileSync(sourcePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gulp-typescript

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #a33191cd5d677403 Filesystem access.
pkgs/npm/[email protected]/release/host.js:20
            return this.fallback.readFile(fileName);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

husky

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #e26ecb2431f6359a Filesystem access.
pkgs/npm/[email protected]/bin.js:2
import f, { writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b581502a0b02d3f Filesystem access.
pkgs/npm/[email protected]/bin.js:12
	s = f.readFileSync(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa0efd960001d4f7 Filesystem access.
pkgs/npm/[email protected]/bin.js:15
	w(n, JSON.stringify(o, 0, /\t/.test(s) ? '\t' : 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f14343a67382695d Filesystem access.
pkgs/npm/[email protected]/bin.js:18
	w('.husky/pre-commit', (p.env.npm_config_user_agent?.split('/')[0] ?? 'npm') + ' test\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #718ce74f800154d7 Filesystem access.
pkgs/npm/[email protected]/index.js:2
import f, { readdir, writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccebe2a2e812bd1f Environment-variable access.
pkgs/npm/[email protected]/index.js:9
	if (process.env.HUSKY === '0') return 'HUSKY=0 skip install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e15df9fe677d72 Filesystem access.
pkgs/npm/[email protected]/index.js:20
	w(_('.gitignore'), '*')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f32ad10218c4721 Filesystem access.
pkgs/npm/[email protected]/index.js:22
	l.forEach(h => w(_(h), `#!/usr/bin/env sh\n. "\$(dirname "\$0")/h"`, { mode: 0o755 }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #586ffb0446e6393e Filesystem access.
pkgs/npm/[email protected]/index.js:23
	w(_('husky.sh'), msg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ioredis

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #452c365623ad1599 Filesystem access.
pkgs/npm/[email protected]/built/utils/index.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #452c365623ad1599 Filesystem access.
pkgs/npm/[email protected]/built/utils/index.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c18b11be835743e8 Filesystem access.
pkgs/npm/[email protected]/built/utils/index.js:362
        const data = await fs_1.promises.readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

kafkajs

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #7f53722af779cbd8 Environment-variable access.
pkgs/npm/[email protected]/src/env.js:2
  KAFKAJS_DEBUG_PROTOCOL_BUFFERS: process.env.KAFKAJS_DEBUG_PROTOCOL_BUFFERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cea4969f4d1f241 Environment-variable access.
pkgs/npm/[email protected]/src/env.js:3
  KAFKAJS_DEBUG_EXTENDED_PROTOCOL_BUFFERS: process.env.KAFKAJS_DEBUG_EXTENDED_PROTOCOL_BUFFERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d113039f2a8e54b0 Environment-variable access.
pkgs/npm/[email protected]/src/index.js:26
  if (process.env.KAFKAJS_NO_PARTITIONER_WARNING == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccd6b276457738c3 Environment-variable access.
pkgs/npm/[email protected]/src/loggers/index.js:32
  const envLogLevel = (process.env.KAFKAJS_LOG_LEVEL || '').toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96bf4abaecc25818 Environment-variable access.
pkgs/npm/[email protected]/src/retry/index.js:3
const isTestMode = process.env.NODE_ENV === 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lerna-changelog

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #a3525c7d530351f3 Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3525c7d530351f3 Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d07c627e6316df9 Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:66
        return JSON.parse(fs.readFileSync(lernaPath)).changelog;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b10f14cfd940e4dc Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:72
        return JSON.parse(fs.readFileSync(pkgPath)).changelog;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65d0ceb4613d7765 Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:80
    const pkg = JSON.parse(fs.readFileSync(pkgPath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1aa1aaf47bc46ab Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:89
    const pkg = fs.existsSync(pkgPath) ? JSON.parse(fs.readFileSync(pkgPath)) : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07feafa666c3f766 Filesystem access.
pkgs/npm/[email protected]/lib/configuration.js:90
    const lerna = fs.existsSync(lernaPath) ? JSON.parse(fs.readFileSync(lernaPath)) : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81cfc6e29c03c532 Environment-variable access.
pkgs/npm/[email protected]/lib/github-api.js:52
        return process.env.GITHUB_AUTH || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lint-staged

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #321eb53bc71b17f4 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:205
  const packageJsonFile = await readFile(path.join(dirname, '../package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b27333ba21e5334c Filesystem access.
pkgs/npm/[email protected]/lib/file.js:16
    return await fs.readFile(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df3e17b6f5c983ff Filesystem access.
pkgs/npm/[email protected]/lib/file.js:52
  await fs.writeFile(filename, buffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a4b74716fb0a0dc Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:145
      readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4da468d536e38f1 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:146
      readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9eaae9421de30a44 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:147
      readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9984593e41f5754 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:159
        this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fb48ef3954f1830 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:160
        this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f18f57ff87c80c0 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:161
        this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ab6e9d946cb2b8a Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:311
    const activeIndexFile = process.env.GIT_INDEX_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b135cf3fb3cace09 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:312
      ? normalizePath(process.env.GIT_INDEX_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1839085e6034fcc2 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:313
      : process.env.GIT_INDEX_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa03fd15b1b9b717 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:150
  debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f03ed6d1e4fe2da0 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:151
  delete process.env.GIT_LITERAL_PATHSPECS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b34afaf2f05952 Filesystem access.
pkgs/npm/[email protected]/lib/loadConfig.js:14
const readFile = async (filename) => fs.readFile(path.resolve(filename), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #548fc2ef786ef7ac Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:42
    debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bbb48e1e5830085 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:43
    delete process.env.GIT_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a2606eb645158d7 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:44
    debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1548bfc011ed81ac Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:45
    delete process.env.GIT_WORK_TREE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b127afe237bdbf1 Filesystem access.
pkgs/npm/[email protected]/lib/version.js:4
  const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #102a5de5405be58c Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:39
    require("js-yaml").load(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d48c0d74e56868d Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:55
      require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a992592ac6985c49 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:27
  const css = fs.readFileSync(path.join(srcdir, "mocha.css"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3083d9c538a81df Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:28
  const js = fs.readFileSync(path.join(srcdir, "mocha.js"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6512e0fc469ea613 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:29
  const tmpl = fs.readFileSync(
    path.join(srcdir, "lib", "browser", "template.html"),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce78ca0b7e118e9 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:32
  fs.writeFileSync(path.join(destdir, "mocha.css"), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34ec7352d77c5726 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:33
  fs.writeFileSync(path.join(destdir, "mocha.js"), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fcc350016549a54 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:34
  fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbdce35f4d1ca66a Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:35
  fs.writeFileSync(path.join(destdir, "index.html"), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7686aefc83916cda Filesystem access.
pkgs/npm/[email protected]/lib/cli/options.js:240
      configData = fs.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78f6ac1409b876c8 Environment-variable access.
pkgs/npm/[email protected]/lib/cli/options.js:302
  const envConfig = parse(process.env.MOCHA_OPTIONS || "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dcec4b109e01fe6 Environment-variable access.
pkgs/npm/[email protected]/lib/reporters/base.js:58
  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b4c5897a58e1583 Filesystem access.
pkgs/npm/[email protected]/lib/reporters/json.js:90
        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mongoose

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #36e88894d3a370c0 Environment-variable access.
pkgs/npm/[email protected]/lib/helpers/printJestWarning.js:5
if (typeof jest !== 'undefined' && !process.env.SUPPRESS_JEST_WARNINGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

multer

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #519efdb33f5b2aee Filesystem access.
pkgs/npm/[email protected]/storage/disk.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #519efdb33f5b2aee Filesystem access.
pkgs/npm/[email protected]/storage/disk.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mysql2

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #9ed53df2af7d8604 Environment-variable access.
pkgs/npm/[email protected]/lib/packets/index.js:60
  if (process.env.NODE_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nyc

npm dependency
expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #9faac9f8fa06ba18 Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9faac9f8fa06ba18 Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb0c704c61bbf7e Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:53
    env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7087142f0911a178 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7087142f0911a178 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #942e96721b64cf00 Filesystem access.
pkgs/npm/[email protected]/index.js:190
        const source = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b280258aa36dce92 Filesystem access.
pkgs/npm/[email protected]/index.js:218
      const inCode = await fs.readFile(inFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72188803c5957c4b Filesystem access.
pkgs/npm/[email protected]/index.js:226
        await fs.writeFile(outFile, outCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a738afa81404725 Environment-variable access.
pkgs/npm/[email protected]/index.js:353
    if (!process.env.NYC_CWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23f1cd3a1dcaea76 Environment-variable access.
pkgs/npm/[email protected]/index.js:375
    process.env.NYC_PROCESS_ID = this.processInfo.uuid

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df836085feaddcb7 Filesystem access.
pkgs/npm/[email protected]/index.js:409
    fs.writeFileSync(
      coverageFilename,
      JSON.stringify(coverage),
      'utf-8'
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f54b8724aa01416f Filesystem access.
pkgs/npm/[email protected]/index.js:514
      const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #054486dde9953040 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/check-coverage.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd73176a09405d7d Environment-variable access.
pkgs/npm/[email protected]/lib/commands/merge.js:33
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3fa7a5a0f8c94ac Filesystem access.
pkgs/npm/[email protected]/lib/commands/merge.js:44
  await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07272e51b036d5bb Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba5f18c9fe1319b1 Environment-variable access.
pkgs/npm/[email protected]/lib/config-util.js:12
  cwd = cwd || process.env.NYC_CWD || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aea4f6d71a725ae Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aea4f6d71a725ae Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7ca08c23817dee0 Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:21
    envToCopy[env] = process.env[env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6f958359b5928ff Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:26
  envToCopy[envName] = process.env[envName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbf9f35db6c98fe8 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:43
      fs.writeFileSync(mapPath, JSON.stringify(sourceMap))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a199e0f9fd2f8f6 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:68
            this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fde06ed281c45fe Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:6
  process.env.NYC_CONFIG ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f66ba32c04f5bef Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:15
  parent: process.env.NYC_PROCESS_ID || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffeab7b1eb1f8f20 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:18
if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acf37f238277676b Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:19
  config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f064126dacb37301 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:20
  delete process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfbed1ce8a2b6add Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:23
if (process.env.NYC_CONFIG_OVERRIDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01902d1110e5145c Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:24
  Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97f8b257f007bc2d Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:25
  process.env.NYC_CONFIG = JSON.stringify(config)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
expand_more 57 low-confidence finding(s)
low env_fs dependency Excluded from app score #44df4a07e19b7c68 Environment-variable access.
pkgs/npm/[email protected]/bin/prettier.cjs:66
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74c9d3123877cb51 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:10
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e432ab98036083 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:15
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6466a3f669b61435 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:371
  return dist_default.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44ecdb6b21994810 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:516
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #329736233b1a8a50 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:526
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f45fe5fb837c7b0 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:878
    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72868f98ee839314 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1878
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb383cfbb4850e0e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1955
          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e49ab828b326ae7a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1961
          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a50eb0822079ec1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:54
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #637800d62f7e9ee8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:96
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e47e25a733f170 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:107
      const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e439ed0b34c08bd5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:116
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c298adc3a70c29eb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:612
import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ded1fd85ff39e9 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:627
              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d66a57ae4257e88 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:633
              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6831912be26b58 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2515
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #408695cd97074835 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2525
    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6598be06d901aa Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2743
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #189443df8c8f76f9 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:3607
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fe69eb7d9ac37a8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:4855
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c166c793a12c753a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5794
import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dc3329ca6205c38 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5820
          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b0c96353ac30c8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5835
          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e00e0ccb7d0aa7 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5850
          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea12ca6808053f3f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6238
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8db47ece871aa6f8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6252
        return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23bcac1546af2db0 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6582
import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8c46aa1a14f24a1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6594
      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e3b8d6ab36dfccd Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10466
import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf04e6e983a181f0 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10488
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a7f832dbaf6a59 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10493
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b79afc8c8e60d267 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10499
        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac9e84f54fa2ed7e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10515
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #941198121c81cc08 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10521
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #659b3576b49aa509 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11366
import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77b5e3e84651e208 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11559
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5880481423892f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11567
  return dist_default36.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4c8d23caad04a2c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12330
import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23174e0c409e76a3 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12395
  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3b99ec93d867708 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12400
  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a28fbe105182f68 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1233
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61b9e9ba2049a552 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1554
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e88cc7f446dfcc75 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1778
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f280bee02c04e939 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1786
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #252a1dfe10f0e1ed Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1794
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39409a794d25c28 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1888
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3663149aece31b3 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1906
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adfaaa619f889e18 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1910
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75b9b06d4d4df01d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1914
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4deffdcad06266b9 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4302
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81c04222eaf12d19 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4506
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f7e91457553d7c8 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4894
        const buffer = fs6.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1910bcd7b4ab016 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5188
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fac958c5a697453 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5449
  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8253a0c4a7fedef8 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5805
      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

socket.io

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #846b0aea20bac381 Environment-variable access.
pkgs/npm/[email protected]/client-dist/socket.io.js:2955
        r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ts-node

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #c67b88a4b98eb610 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c67b88a4b98eb610 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99b5d08c38ee6206 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:39
const {
  realpathSync,
  statSync,
  Stats,
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #112b0b7ce98e2c62 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:43
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0675c0ad865c61a5 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0675c0ad865c61a5 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59260b53e249b857 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:13
    string = fs.readFileSync(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad1b60ae865322da Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:48
  const envArgv = ParseNodeOptionsEnvVar(process.env.NODE_OPTIONS || '', errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1626467ce8ecc3ad Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:99
  if(process.env.NODE_PENDING_DEPRECATION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tsconfig-paths

npm dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #899cd1f8d067476e Environment-variable access.
pkgs/npm/[email protected]/lib/config-loader.js:30
        getEnv: function (key) { return process.env[key]; },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a0b9381a4ac8ea Filesystem access.
pkgs/npm/[email protected]/lib/filesystem.js:4
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a0b9381a4ac8ea Filesystem access.
pkgs/npm/[email protected]/lib/filesystem.js:4
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69162872f3dbbe7f Filesystem access.
pkgs/npm/[email protected]/lib/filesystem.js:37
    fs.readFile(path, "utf8", function (err, result) {
        // If error, assume file did not exist
        if (err || !result) {
            return callback();
        }
        var json = JSON.parse(result);
        return callback(undefined, json);
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0417913371ba3bd9 Filesystem access.
pkgs/npm/[email protected]/lib/tsconfig-loader.js:16
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0417913371ba3bd9 Filesystem access.
pkgs/npm/[email protected]/lib/tsconfig-loader.js:16
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06daac8cf8cbb2ef Filesystem access.
pkgs/npm/[email protected]/lib/tsconfig-loader.js:85
        return fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd5818669a091316 Environment-variable access.
pkgs/npm/[email protected]/src/config-loader.ts:68
    getEnv: (key: string) => process.env[key],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbe532b473d4ed10 Filesystem access.
pkgs/npm/[email protected]/src/filesystem.ts:1
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbacde9cba8441e9 Filesystem access.
pkgs/npm/[email protected]/src/filesystem.ts:68
  fs.readFile(path, "utf8", (err, result) => {
    // If error, assume file did not exist
    if (err || !result) {
      return callback();
    }
    const json = JSON.parse(result);
    return callback(undefined, json);
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4d696f1de35c2b2 Filesystem access.
pkgs/npm/[email protected]/src/tsconfig-loader.ts:2
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79b11f2aeb47d38a Filesystem access.
pkgs/npm/[email protected]/src/tsconfig-loader.ts:120
    fs.readFileSync(filename, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typeorm

npm dependency
expand_more 34 low-confidence finding(s)
low env_fs dependency Excluded from app score #264e577471b31685 Environment-variable access.
pkgs/npm/[email protected]/browser/cli-ts-node-esm.js:3
if ((process.env["NODE_OPTIONS"] || "").includes("--loader ts-node"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12ae3a5eb6221981 Environment-variable access.
pkgs/npm/[email protected]/browser/cli-ts-node-esm.js:11
                process.env["NODE_OPTIONS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eb255ca53209422 Filesystem access.
pkgs/npm/[email protected]/browser/driver/better-sqlite3/BetterSqlite3Driver.js:1
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0e5f6e550ed2ba7 Environment-variable access.
pkgs/npm/[email protected]/browser/driver/oracle/OracleDriver.js:193
            process.env.ORA_SDTZ = "UTC";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a0a1e6fb7848095 Environment-variable access.
pkgs/npm/[email protected]/browser/driver/postgres/PostgresDriver.js:227
            process.env.PGTZ = "UTC";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a216dff656340c Filesystem access.
pkgs/npm/[email protected]/browser/driver/sqlite/SqliteDriver.js:1
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #813f10700a27e4ca Filesystem access.
pkgs/npm/[email protected]/browser/driver/sqljs/SqljsDriver.js:59
                    const database = PlatformTools.readFileSync(fileNameOrLocalStorageOrData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17314af907eab539 Filesystem access.
pkgs/npm/[email protected]/browser/driver/sqljs/SqljsDriver.js:126
                await PlatformTools.writeFile(path, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb2ecba71530ad62 Filesystem access.
pkgs/npm/[email protected]/browser/platform/PlatformTools.d.ts:3
export { ReadStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #461366335ec0b0cc Filesystem access.
pkgs/npm/[email protected]/browser/platform/PlatformTools.js:3
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde978fa3f1f4682 Filesystem access.
pkgs/npm/[email protected]/browser/platform/PlatformTools.js:8
export { ReadStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8a24263fccaee7f Filesystem access.
pkgs/npm/[email protected]/browser/platform/PlatformTools.js:154
        return fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #721fcea866ee3601 Filesystem access.
pkgs/npm/[email protected]/browser/platform/PlatformTools.js:160
        return fs.promises.writeFile(path, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7747c00583f2281e Environment-variable access.
pkgs/npm/[email protected]/browser/platform/PlatformTools.js:174
        return process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42f178c5728becdf Filesystem access.
pkgs/npm/[email protected]/browser/util/ImportUtils.js:1
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73488fd450bea2e6 Filesystem access.
pkgs/npm/[email protected]/browser/util/ImportUtils.js:71
                const parsedPackage = JSON.parse(await fs.readFile(potentialPackageJson, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fac32fbc2ba76850 Environment-variable access.
pkgs/npm/[email protected]/cli-ts-node-esm.js:5
if ((process.env["NODE_OPTIONS"] || "").includes("--loader ts-node"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab0823b6847a64b6 Environment-variable access.
pkgs/npm/[email protected]/cli-ts-node-esm.js:13
                process.env["NODE_OPTIONS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35e941f9175c65dd Filesystem access.
pkgs/npm/[email protected]/commands/CommandUtils.js:64
        await promises_1.default.writeFile(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6191083d7d4dfe70 Filesystem access.
pkgs/npm/[email protected]/commands/CommandUtils.js:70
        const file = await promises_1.default.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba05079a2af6595e Filesystem access.
pkgs/npm/[email protected]/commands/InitCommand.js:76
            const packageJsonContents = await CommandUtils_1.CommandUtils.readFile(basePath + "/package.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c108205add1e35 Filesystem access.
pkgs/npm/[email protected]/commands/InitCommand.js:579
        const ourPackageJson = JSON.parse(await CommandUtils_1.CommandUtils.readFile(`${__dirname}/../package.json`));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47ee4bfea83ba858 Environment-variable access.
pkgs/npm/[email protected]/driver/oracle/OracleDriver.js:196
            process.env.ORA_SDTZ = "UTC";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d283b3d965ed03ed Environment-variable access.
pkgs/npm/[email protected]/driver/postgres/PostgresDriver.js:230
            process.env.PGTZ = "UTC";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #315cebfcf657ae42 Filesystem access.
pkgs/npm/[email protected]/driver/sqljs/SqljsDriver.js:62
                    const database = PlatformTools_1.PlatformTools.readFileSync(fileNameOrLocalStorageOrData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f468d4bbe9099a13 Filesystem access.
pkgs/npm/[email protected]/driver/sqljs/SqljsDriver.js:129
                await PlatformTools_1.PlatformTools.writeFile(path, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #160f8f4725726114 Filesystem access.
pkgs/npm/[email protected]/platform/PlatformTools.d.ts:3
export { ReadStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cff54f53b70a658d Filesystem access.
pkgs/npm/[email protected]/platform/PlatformTools.js:7
const fs_1 = tslib_1.__importDefault(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb7f8b9aaf507e9 Filesystem access.
pkgs/npm/[email protected]/platform/PlatformTools.js:13
var fs_2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb7f8b9aaf507e9 Filesystem access.
pkgs/npm/[email protected]/platform/PlatformTools.js:13
var fs_2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8f4e8e7ff8c5c69 Filesystem access.
pkgs/npm/[email protected]/platform/PlatformTools.js:162
        return fs_1.default.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d7b50c564e436e Filesystem access.
pkgs/npm/[email protected]/platform/PlatformTools.js:168
        return fs_1.default.promises.writeFile(path, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c8231762a03e3fb Environment-variable access.
pkgs/npm/[email protected]/platform/PlatformTools.js:182
        return process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7078fc0f127dc35 Filesystem access.
pkgs/npm/[email protected]/util/ImportUtils.js:75
                const parsedPackage = JSON.parse(await promises_1.default.readFile(potentialPackageJson, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #9d9c2f242fc10adc Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db239eee47c7d9b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83e78d6215fcf43f Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b185b8c214fea44 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47bb033f3b709bee Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72e1423cddbc97a2 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d304ad6fb59beb Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d304ad6fb59beb Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d304ad6fb59beb Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d304ad6fb59beb Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54d304ad6fb59beb Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #688a81438afe6d0b Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8483b850240525f9 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f290eee31d2023c8 Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d9e96b86ee9525fb Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf2a3c0cebfdd753 Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • path-to-regexp prod — dist-only: no readable source

Development

  • @nestjs/apollo dev — dist-only: no readable source
  • @typescript-eslint/parser dev — dist-only: no readable source
  • amqp-connection-manager dev — dist-only: no readable source
  • cache-manager dev — dist-only: no readable source
  • concurrently dev — dist-only: no readable source
  • conventional-changelog dev — dist-only: no readable source
  • graphql-subscriptions dev — dist-only: no readable source
  • lerna dev — dist-only: no readable source
  • redis dev — dist-only: no readable source
  • typescript-eslint dev — dist-only: no readable source