Close Open Privacy Scan

bolt Snapshot: commit c770094
science engine v2
schedule 2026-07-02T08:12:55.292926+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

App Privacy Score

97 /100
Low privacy risk

Low risk · 833 finding(s)

Dependency score: 67 (Medium risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

1 high 0 medium 832 low
First-party packages: 4
Dependency packages: 37
Ecosystem: npm

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (1)
high ibm_db dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/installer/driverInstall.js:49 pkgs/npm/[email protected]/installer/driverInstall.js:778

</> First-Party Code

first-party (npm)

npm first-party
expand_more 14 low-confidence finding(s)
low env_fs production #2f7800e61066c48f Environment-variable access.
repo/build-packages.mjs:74
      PATH: `${process.env.PATH || ''}:${path.join(rootDir, 'node_modules/.bin')}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1e804493169a382 Filesystem access.
repo/dev/sync-exports.mjs:106
    await fs.writeFile(indexPath, fileContents, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbc21bff5bd94c5a Filesystem access.
repo/packages/cli/src/_internal/test-helpers.ts:88
        await writeFile(join(migrationsDir, fixture.name), buildJsContent(fixture));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7fdd8b20d7b52aa Filesystem access.
repo/packages/cli/src/_internal/test-helpers.ts:93
        await writeFile(join(migrationDir, 'up.sql'), up);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70c26ad152dfe2b6 Filesystem access.
repo/packages/cli/src/_internal/test-helpers.ts:96
          await writeFile(join(migrationDir, 'down.sql'), down);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daba251e8b2d139b Filesystem access.
repo/packages/cli/src/api/generate-migration.ts:31
      fs.writeFile(path.join(migrationPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7acbc86f0d720753 Filesystem access.
repo/packages/cli/src/api/generate-migration.ts:32
      fs.writeFile(path.join(migrationPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba6ce597c3f484a Filesystem access.
repo/packages/cli/src/api/generate-seed.ts:31
      fs.writeFile(path.join(seedPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b71c64856b8f60d9 Filesystem access.
repo/packages/cli/src/api/generate-seed.ts:32
      fs.writeFile(path.join(seedPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44324b7c59fa6621 Filesystem access.
repo/packages/cli/src/api/get-umzug.ts:110
      const fileContents = await fs.readFile(upFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f06bfd4b8146859 Filesystem access.
repo/packages/cli/src/api/get-umzug.ts:120
      const fileContents = await fs.readFile(downFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3b97062f9ee590c Environment-variable access.
repo/packages/core/src/abstract-dialect/query-generator-typescript.ts:984
    if (process.env.npm_lifecycle_event !== 'mocha') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22a5a0a789613e49 Environment-variable access.
repo/packages/core/src/utils/check.ts:20
  return process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a7f665856d48854 Filesystem access.
repo/packages/utils/src/node/read-file-if-exists.ts:15
    return await fs.readFile(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #cbc21bff5bd94c5a Filesystem access.
repo/packages/cli/src/_internal/test-helpers.ts:88
        await writeFile(join(migrationsDir, fixture.name), buildJsContent(fixture));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7fdd8b20d7b52aa Filesystem access.
repo/packages/cli/src/_internal/test-helpers.ts:93
        await writeFile(join(migrationDir, 'up.sql'), up);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70c26ad152dfe2b6 Filesystem access.
repo/packages/cli/src/_internal/test-helpers.ts:96
          await writeFile(join(migrationDir, 'down.sql'), down);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daba251e8b2d139b Filesystem access.
repo/packages/cli/src/api/generate-migration.ts:31
      fs.writeFile(path.join(migrationPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7acbc86f0d720753 Filesystem access.
repo/packages/cli/src/api/generate-migration.ts:32
      fs.writeFile(path.join(migrationPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba6ce597c3f484a Filesystem access.
repo/packages/cli/src/api/generate-seed.ts:31
      fs.writeFile(path.join(seedPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b71c64856b8f60d9 Filesystem access.
repo/packages/cli/src/api/generate-seed.ts:32
      fs.writeFile(path.join(seedPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44324b7c59fa6621 Filesystem access.
repo/packages/cli/src/api/get-umzug.ts:110
      const fileContents = await fs.readFile(upFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f06bfd4b8146859 Filesystem access.
repo/packages/cli/src/api/get-umzug.ts:120
      const fileContents = await fs.readFile(downFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/core

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #d3b97062f9ee590c Environment-variable access.
repo/packages/core/src/abstract-dialect/query-generator-typescript.ts:984
    if (process.env.npm_lifecycle_event !== 'mocha') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22a5a0a789613e49 Environment-variable access.
repo/packages/core/src/utils/check.ts:20
  return process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/utils

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #4a7f665856d48854 Filesystem access.
repo/packages/utils/src/node/read-file-if-exists.ts:15
    return await fs.readFile(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

ibm_db

npm dependency
high pii_flow dependency Excluded from app score #4c9f7bead9fc96ed User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/installer/driverInstall.js:778 · flow /tmp/closeopen-pibczkcv/pkgs/npm/[email protected]/installer/driverInstall.js:49 → /tmp/closeopen-pibczkcv/pkgs/npm/[email protected]/installer/driverInstall.js:778
        var req = https.request(options, function(res) {
            // Handle redirects
            if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
                var redirectUrl = new URL(res.headers.location);
                options.hostname = redirectUrl.hostname;
                options.path = redirectUrl.pathname;
                res.resume();
                var redirectReq = https.request(options, handleResponse);
                redirectReq.on('error', function(err) {
                    console.error('\nHTTPS request error:', err.message);
                    installationFailed(err.message);
                });
                redirectReq.end();
                return;
            }
            handleResponse(res);
        });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 51 low-confidence finding(s)
low env_fs dependency Excluded from app score #c30a857c198a83a8 Filesystem access.
pkgs/npm/[email protected]/installer/driverInstall.js:5
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb2bc179ad81fa0 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:30
if(process.env.npm_config_loglevel == 'warn') { // -quiet option

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #438b36b421f2fa43 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:33
if(process.env.npm_config_loglevel == 'silent') { // -silent option

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c01c5f76bef9332b Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:48
if (process.env.npm_config_cafile) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c826352eaf52a25d Filesystem access.
pkgs/npm/[email protected]/installer/driverInstall.js:49
    const ca = fs.readFileSync(process.env.npm_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b00caeac8a9429b Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:49
    const ca = fs.readFileSync(process.env.npm_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31308d7080e4a5cb Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:52
else if (process.env.npm_package_config_cafile) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf11566654f2ccfb Filesystem access.
pkgs/npm/[email protected]/installer/driverInstall.js:53
    const ca = fs.readFileSync(process.env.npm_package_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2ae385dd13a01fb Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:53
    const ca = fs.readFileSync(process.env.npm_package_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffafba632602789b Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:61
if(process.env.npm_config_clidriver && process.env.npm_config_clidriver != true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f251a8624f872b Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:62
    clidriverVersion = process.env.npm_config_clidriver;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2eb6520239c55c3 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:69
else if(process.env.npm_package_config_clidriver && process.env.npm_package_config_clidriver != true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c601281599e432c Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:70
    clidriverVersion = process.env.npm_package_config_clidriver;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab750082c55e7c4d Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:76
else if(process.env.CLIDRIVER_DOWNLOAD_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6136e71b098cf07 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:77
    clidriverVersion = process.env.CLIDRIVER_DOWNLOAD_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d6895600f6c83b6 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:110
installerURL = process.env.npm_config_IBM_DB_INSTALLER_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #558343cbd32b5280 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:111
               process.env.npm_package_config_IBM_DB_INSTALLER_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b17d75bf7782dca5 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:112
               process.env.IBM_DB_INSTALLER_URL || installerURL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f1b4a744a5a1688 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:144
    if((process.env.DOWNLOAD_CLIDRIVER == "true") &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283c092454ad71f5 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:150
    if(process.env.DOWNLOAD_CLIDRIVER == "true"){

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ee5050d6146c7b Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:151
        process.env.IBM_DB_HOME = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e226b6f8da9acc6 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:160
    if (process.env.IBM_DB_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1a51f6f8a6aea10 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:161
        if (fs.existsSync(process.env.IBM_DB_HOME) || platform == "os390") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1a727c6baa12bcb Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:162
          IBM_DB_HOME = process.env.IBM_DB_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88ee8173c3fa1c73 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:166
          printMsg(process.env.IBM_DB_HOME + " directory does not exist. Please" +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d91991aaca85c718 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:174
        process.env.IBM_DB_HOME = IBM_DB_HOME.replace(/\s/g,'\\ ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b36fd28bfa1cab50 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:210
                process.env.IBM_DB_HOME = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b60ccf44ade85e40 Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:391
                    process.env.IBM_DB_HOME = IBM_DB_HOME.replace(/\s/g,'\\ ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a0fed962dc28bed Environment-variable access.
pkgs/npm/[email protected]/installer/driverInstall.js:409
                process.env.IBM_DB_HOME = IBM_DB_HOME.replace(/\s/g,'\\ ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #148d092320f024c2 Filesystem access.
pkgs/npm/[email protected]/installer/driverInstall.js:496
                        fs.readFile(ODBC_BINDINGS_VCXPROJ_FILE, 'utf8', function (err,data) {
                            if (err)
                            {
                                console.log('\nReading failure: can not read ' +
                                'build/odbc_bindings.vcxproj! \n' +
                                'Proceeding with Pre-compiled Binary Installation.\n');
                                installPreCompiledBinary();
                                return;
                            }

                            //Removing kernel dependencies from the file.
                            // More flexible pattern to handle variations in formatting
                            var kernelLibsPattern = /kernel32\.lib[;\s]*user32\.lib[;\s]*gdi32\.lib[;\s]*winspool\.lib[;\s]*comdlg32\.lib[;\s]*advapi32\.lib[;\s]*shell32\.lib[;\s]*ole32\.lib[;\s]*oleaut32\.lib[;\s]*uuid\.lib[;\s]*odbc32\.lib[;\s]*DelayImp\.lib[;\s]*/gi;
                            var result = data.replace(kernelLibsPattern, '');
                            
                            // Check if replacement was successful
                            if (data !== result) {
                                printMsg("Successfully updated file build/odbc_bindings.vcxproj");
                            } else {
                                printMsg("Warning: Kernel dependencies pattern not found in build/odbc_bindings.vcxproj - file may have different format");
                            }

                            fs.writeFile(ODBC_BINDINGS_VCXPROJ_FILE, result, 'utf8', function (err) {
                                if (err)
                                {
                                    console.log('\nWriting failure: can not write ' + 'build/odbc_bindings.vcxproj! \n' +
                                    'Proceeding with Pre-compiled Binary Installation. \n');
                                    installPreCompiledBinary();
                                    return;
                                }
                                else printMsg("\nKernel additional dependencies removed successfully!\n");
                            });
                        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fe07a280efb4521 Filesystem access.
pkgs/npm/[email protected]/installer/driverInstall.js:518
                            fs.writeFile(ODBC_BINDINGS_VCXPROJ_FILE, result, 'utf8', function (err) {
                                if (err)
                                {
                                    console.log('\nWriting failure: can not write ' + 'build/odbc_bindings.vcxproj! \n' +
                                    'Proceeding with Pre-compiled Binary Installation. \n');
                                    installPreCompiledBinary();
                                    return;
                                }
                                else printMsg("\nKernel additional dependencies removed successfully!\n");
                            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff6263d91f926dba Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:27
if (process.env.IBM_DB_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f734244a0236fcaa Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:28
  clidriver = process.env.IBM_DB_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa875f47d3232b92 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:32
  process.env.PATH = path.resolve(clidriver, 'bin') + ';' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e021d166d7afa438 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:35
                      path.resolve(clidriver, 'lib') + ';' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e0bf4026569b240 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:36
  process.env.LIB =  path.resolve(clidriver, 'bin') + ';' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af81f158d4edeac7 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:38
                      path.resolve(clidriver, 'lib') + ';' + process.env.LIB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0fe6b27fecfd89a Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:41
  process.env.PATH = path.resolve(clidriver, 'bin') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd148c834fb857e4 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:42
                      path.resolve(clidriver, 'lib') + ':' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47e180eb0dc848e6 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:43
  process.env.LD_LIBRARY_PATH = path.resolve(clidriver, 'lib') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae25f9295d0974bc Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:44
                                path.resolve(clidriver, 'lib/icc') + ':' + process.env.LD_LIBRARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a295c7efe0da61 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:47
  process.env.PATH = path.resolve(clidriver, 'bin') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01ec3ac438ff2dd9 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:48
                      path.resolve(clidriver, 'lib') + ':' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80663b418c823944 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:49
  process.env.DYLD_LIBRARY_PATH = path.resolve(clidriver, 'lib') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64ecc7b3d8ad501f Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:50
                                  path.resolve(clidriver, 'lib/icc') + ':' + process.env.DYLD_LIBRARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12c74a51bbf0718b Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:53
  process.env.PATH = path.resolve(clidriver, 'bin') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aacaf80f3de896c4 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:54
                      path.resolve(clidriver, 'lib') + ':' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc74b054f757b53 Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:55
  process.env.LIBPATH = path.resolve(clidriver, 'lib') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeb474a8a94bfd5d Environment-variable access.
pkgs/npm/[email protected]/lib/odbc.js:56
                        path.resolve(clidriver, 'lib/icc') + ':' + process.env.LIBPATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f229cb7ef84eb3b7 Filesystem access.
pkgs/npm/[email protected]/lib/odbc.js:1025
    fs.readFile(sql, function (err, sql) {
        if (err) {
            deferred ? deferred.reject(err) : cb(err);
        }
        else {
            var query = sql.toString();
            var myarray = query.split(delimiter);
            var res = "";
            if (outputfile !== undefined) {
                if (fs.existsSync(outputfile)) {
                    fs.unlinkSync(outputfile)
                }
                else {
                    fs.ensureFileSync(outputfile)
                }
            }
            for (var i = 0; i < myarray.length; i++) {
                query = (myarray[i]).trim();
                var result = [];
                if(query) {
                    result = self.querySync(query);
                    if (!Array.isArray(result)) {
                        if (outputfile === undefined) {
                            deferred ? deferred.reject(result) : cb(result);
                        }
                        else {
                            fs.appendFileSync(outputfile, result);
                        }
                    }
                    if (result.length > 0) {
                        result = JSON.stringify(result);
                        if (outputfile === undefined) {
                            res += result + delimiter;
                        }
                        else {
                            fs.appendFileSync(outputfile, result + delimiter);
                        }
                    }
                }
            }
            deferred ? deferred.resolve(res) : cb(err, res);
        }
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67af6ac0c0b46ec1 Filesystem access.
pkgs/npm/[email protected]/lib/odbc.js:1107
    var query = fs.readFileSync(sql, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@oclif/core

npm dependency
expand_more 24 low-confidence finding(s)
low env_fs dependency Excluded from app score #37d43690f79f19c0 Environment-variable access.
pkgs/npm/@[email protected]/lib/command.js:347
        keys.map((key) => delete process.env[key]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d7361770eac2645 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:199
        const base = process.env[`XDG_${category.toUpperCase()}_HOME`] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16067f417480cf98 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:200
            (this.windows && process.env.LOCALAPPDATA) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #789b2e99ac454f46 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:308
        this.home = process.env.HOME || (this.windows && this.windowsHome()) || (0, os_1.getHomeDir)() || (0, node_os_1.tmpdir)();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96bd077b88c4dde6 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:546
        return process.env[this.scopedEnvVarKeys(k).find((k) => process.env[k])];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2076e2c51a33450 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:577
        return process.env.HOMEDRIVE && process.env.HOMEPATH && (0, node_path_1.join)(process.env.HOMEDRIVE, process.env.HOMEPATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2dde2a945a5496 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:580
        return process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6c1927616c21a5e Environment-variable access.
pkgs/npm/@[email protected]/lib/config/plugin.js:223
                if (!process.env.OCLIF_NEXT_VERSION && manifest.version.split('-')[0] !== this.version.split('-')[0]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39277aa53ad91537 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/ts-path.js:274
        debug(`Skipping typescript path lookup for ${root} because it's an ESM module (NODE_ENV: ${process.env.NODE_ENV}, root plugin module type: ${rootPlugin?.moduleType})`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7317215f6c7bc9b1 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/ts-path.js:275
        const warningIsDisabled = process.env.OCLIF_DISABLE_LINKED_ESM_WARNING && (0, util_1.isTruthy)(process.env.OCLIF_DISABLE_LINKED_ESM_WARNING);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42eaa5ca9ef2930b Environment-variable access.
pkgs/npm/@[email protected]/lib/execute.js:52
        process.env.NODE_ENV = 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea0001fa36d8d63 Environment-variable access.
pkgs/npm/@[email protected]/lib/index.js:49
    if (process.env.OCLIF_DISABLE_ENGINE_WARNING && (0, util_1.isTruthy)(process.env.OCLIF_DISABLE_ENGINE_WARNING))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68142cc21802770f Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:17
        process.env.CLI_FLAGS_DEBUG === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #772e91255ae5f4f4 Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:403
            if (fws.inputFlag.flag.env && process.env[fws.inputFlag.flag.env]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2a1401866bcbee8 Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:404
                const valueFromEnv = process.env[fws.inputFlag.flag.env];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ddb9d09014d1032 Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:414
                        valueFunction: async (i) => (0, util_1.isTruthy)(process.env[i.inputFlag.flag.env] ?? 'false'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ef1c49fe748f974 Environment-variable access.
pkgs/npm/@[email protected]/lib/screen.js:18
const columns = Number.parseInt(process.env.OCLIF_COLUMNS, 10) || settings_1.settings.columns;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d079f592a1f71bf0 Environment-variable access.
pkgs/npm/@[email protected]/lib/util/os.js:37
    const SHELL = process.env.SHELL ?? (0, node_os_1.userInfo)().shell?.split(node_path_1.default.sep)?.pop();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e405d6e6c0479098 Environment-variable access.
pkgs/npm/@[email protected]/lib/util/os.js:54
            : (process.env.COMSPEC ?? 'cmd.exe');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae178727c9fdbb6f Environment-variable access.
pkgs/npm/@[email protected]/lib/util/os.js:57
        return process.env.COMSPEC ?? 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f58a6dc9b48bd2 Environment-variable access.
pkgs/npm/@[email protected]/lib/util/read-pjson.js:16
    if (process.env.OCLIF_DISABLE_RC) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db8c583458e1b4b2 Environment-variable access.
pkgs/npm/@[email protected]/lib/util/util.js:66
    return !['development', 'test'].includes(process.env.NODE_ENV ?? '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9c20916e9ad2e8 Environment-variable access.
pkgs/npm/@[email protected]/lib/ux/index.js:29
    !process.env.CI &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40dd1a6a788bcb12 Environment-variable access.
pkgs/npm/@[email protected]/lib/ux/index.js:30
    !['dumb', 'emacs-color'].includes(process.env.TERM) &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@oclif/test

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #3b5abf8d17f770ed Environment-variable access.
pkgs/npm/@[email protected]/lib/index.js:22
    return (process.env.OCLIF_TEST_ROOT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18de726f20a818cf Environment-variable access.
pkgs/npm/@[email protected]/lib/index.js:64
        NODE_ENV: process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2bb80232f4b7892 Environment-variable access.
pkgs/npm/@[email protected]/lib/index.js:90
    process.env.NODE_ENV = testNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b79da5641b16a8e Environment-variable access.
pkgs/npm/@[email protected]/lib/index.js:110
        process.env.NODE_ENV = originals.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@rushstack/eslint-patch

npm dependency
expand_more 32 low-confidence finding(s)
low env_fs dependency Excluded from app score #f40a0ce1dfe109ac Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-file.js:15
const IS_RUNNING_IN_VSCODE = process.env[constants_1.VSCODE_PID_ENV_VAR_NAME] !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5ca48794d9617da Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-file.js:40
            rawJsonFile = node_fs_1.default.readFileSync(suppressionsPath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c006430ea52fab Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-file.js:86
        node_fs_1.default.writeFileSync(suppressionsPath, JSON.stringify(suppressionsConfig.jsonObject, undefined, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef45c271bdcbd5f1 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-patch.js:62
const ESLINT_BULK_SUPPRESS_ENV_VAR_VALUE = process.env[constants_1.ESLINT_BULK_SUPPRESS_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a64e3126e672452a Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-patch.js:158
    if (process.env[constants_1.ESLINT_BULK_ENABLE_ENV_VAR_NAME] === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be7a5d3cfc17a8b4 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-patch.js:177
    return process.env[constants_1.ESLINT_BULK_PRUNE_ENV_VAR_NAME] !== '1' && currentNodeIsSuppressed;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f98f4ae53e296935 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/cli/prune.js:26
        process.env[constants_1.ESLINT_BULK_PRUNE_ENV_VAR_NAME] = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78d7357e78adfa97 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/cli/suppress.js:50
        process.env[constants_1.ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = '*';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #179ef850d7d0340c Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/cli/suppress.js:53
        process.env[constants_1.ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = parsedArgs.rules.join(',');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14ca5dc742f06540 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/constants.js:17
exports.BULK_SUPPRESSIONS_CLI_ESLINT_PACKAGE_NAME = (_a = process.env[exports.ESLINT_PACKAGE_NAME_ENV_VAR_NAME]) !== null && _a !== void 0 ? _a : 'eslint';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8062d8a8e365697 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/generate-patched-file.js:17
    const generateEnvVarValue = process.env[constants_1.ESLINT_BULK_FORCE_REGENERATE_PATCH_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6a837fb8a8413f Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/generate-patched-file.js:24
    const inputFile = node_fs_1.default.readFileSync(inputFilePath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1280c9b5489093dc Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/generate-patched-file.js:354
    node_fs_1.default.writeFileSync(outputFilePath, outputFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb5ac9d2f76ac1f Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/index.js:14
const eslintBulkDetectEnvVarValue = process.env[constants_1.ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980b83f478c8f8dd Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/index.js:20
process.env[constants_1.ESLINT_BULK_PATCH_PATH_ENV_VAR_NAME] = require.resolve('./bulk-suppressions-patch');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a87234625c817a9 Environment-variable access.
pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/path-utils.js:18
    const eslintBulkDetectEnvVarValue = process.env[constants_1.ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00e2e35f21b18156 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-file.js:5
const IS_RUNNING_IN_VSCODE = process.env[VSCODE_PID_ENV_VAR_NAME] !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4426e21b2936074f Filesystem access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-file.js:30
            rawJsonFile = fs.readFileSync(suppressionsPath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f7cc6ba5c027c5 Filesystem access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-file.js:76
        fs.writeFileSync(suppressionsPath, JSON.stringify(suppressionsConfig.jsonObject, undefined, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9eed841cbedf747 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-patch.js:18
const ESLINT_BULK_SUPPRESS_ENV_VAR_VALUE = process.env[ESLINT_BULK_SUPPRESS_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864ecd71f12d5536 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-patch.js:114
    if (process.env[ESLINT_BULK_ENABLE_ENV_VAR_NAME] === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72fd453362af0ccf Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-patch.js:133
    return process.env[ESLINT_BULK_PRUNE_ENV_VAR_NAME] !== '1' && currentNodeIsSuppressed;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a467ace31665891 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/cli/prune.js:20
        process.env[ESLINT_BULK_PRUNE_ENV_VAR_NAME] = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb5ce380fd8c2aa2 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/cli/suppress.js:47
        process.env[ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = '*';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4391685320ea79f3 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/cli/suppress.js:50
        process.env[ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = parsedArgs.rules.join(',');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cb41ddb274abf71 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/constants.js:14
export const BULK_SUPPRESSIONS_CLI_ESLINT_PACKAGE_NAME = (_a = process.env[ESLINT_PACKAGE_NAME_ENV_VAR_NAME]) !== null && _a !== void 0 ? _a : 'eslint';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbbb58f4ce011046 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/generate-patched-file.js:11
    const generateEnvVarValue = process.env[ESLINT_BULK_FORCE_REGENERATE_PATCH_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c77054972880f73 Filesystem access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/generate-patched-file.js:18
    const inputFile = fs.readFileSync(inputFilePath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064d751d24103441 Filesystem access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/generate-patched-file.js:348
    fs.writeFileSync(outputFilePath, outputFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fdd534b34139c79 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/index.js:12
const eslintBulkDetectEnvVarValue = process.env[ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fdaeb22cecf5251 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/index.js:18
process.env[ESLINT_BULK_PATCH_PATH_ENV_VAR_NAME] = require.resolve('./bulk-suppressions-patch');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #074864eedc707994 Environment-variable access.
pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/path-utils.js:10
    const eslintBulkDetectEnvVarValue = process.env[ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@sequelize/core

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #bfec5e4aa467bd2f Environment-variable access.
pkgs/npm/@[email protected]/lib/abstract-dialect/query-generator-typescript.js:735
    if (process.env.npm_lifecycle_event !== "mocha") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@sequelize/utils

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #dfc3feaa88675913 Filesystem access.
pkgs/npm/@[email protected]/lib/node/read-file-if-exists.js:38
    return await import_promises.default.readFile(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bnf-parser

npm dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #c3cc5d5dbd0116bf Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:5
import { readdirSync, existsSync, readFileSync, writeFileSync, appendFileSync, statSync, mkdirSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8be0e85738eb328 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:84
    const data = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4d97c1c8a198179 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:123
    writeFileSync(`${out_dir}/${name}.d.ts`, types);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #975ca3c9b95d2166 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:128
            writeFileSync(`${out_dir}/${name}.wat`, mod.emitText());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fea5bf186eafb997 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:138
        writeFileSync(`${out_dir}/${name}.js`, GenerateRunner(lang, mod.emitBinary()));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7171828b89d4adf6 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:149
writeFileSync(`${out_dir}/shared.js`, wasm.Runner.toString());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c660d2c57af7590 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:150
writeFileSync(`${out_dir}/shared.d.ts`, readFileSync(`${script}/artifacts/shared.d.ts`, "utf8")
    .replace(/    /gm, "\t")
    .replace(/\r\n/g, "\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e072021f8562c653 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:150
writeFileSync(`${out_dir}/shared.d.ts`, readFileSync(`${script}/artifacts/shared.d.ts`, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68870afeefdbc0a1 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:153
appendFileSync(`${out_dir}/shared.js`, readFileSync(`${script}/artifacts/shared.js`, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c238dfcf600e8d30 Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-run.js:1
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0aedcbe46ea83d5 Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-run.js:12
writeFileSync("out.wasm", myModule.emitBinary());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36b3e45464a02a9d Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-run.js:20
    writeFileSync("out.wat", myModule.emitText());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f9d17bd78546189 Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-run.js:21
    writeFileSync("out.wasm", bin);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #687ffaf73d15c307 Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-run.js:46
writeFileSync("dump.json", JSON.stringify(output.root, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a384f256fe6d8519 Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-types.js:1
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #566a40f9ac951cc2 Filesystem access.
pkgs/npm/[email protected]/bin/wasm/test-types.js:34
writeFileSync("./dump.d.ts", types.CompileTypes(lang));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chai

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #d1a6e6bd3af0713a Environment-variable access.
pkgs/npm/[email protected]/karma.conf.js:26
  switch (process.env.CHAI_TEST_ENV) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ecfcccbe729984c Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:11
    auth.SAUCE_USERNAME = process.env.SAUCE_USERNAME || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d95631d29ca0a7c9 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:12
    auth.SAUCE_ACCESS_KEY = process.env.SAUCE_ACCESS_KEY || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f06b35716377cd4a Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:16
  if (process.env.SKIP_SAUCE) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a325414393bd3cde Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:18
  var branch = process.env.TRAVIS_BRANCH || 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2433e5e0c3dcc2e Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:22
  var tunnel = process.env.TRAVIS_JOB_NUMBER || ts;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f11f4bb868fd4630 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:24
  if (process.env.TRAVIS_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b013921bf7f8c7c8 Environment-variable access.
pkgs/npm/[email protected]/karma.sauce.js:25
    tags.push('travis@' + process.env.TRAVIS_JOB_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dayjs

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #01f608a518f2b4ac Environment-variable access.
pkgs/npm/[email protected]/esm/plugin/devHelper/index.js:4
  if (!process || process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9399663bfec06a05 Environment-variable access.
pkgs/npm/[email protected]/plugin/devHelper.js:1
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).dayjs_plugin_devHelper=t()}(this,(function(){"use strict";return function(e,t,s){if(!process||"production"!==process.env.NODE_ENV){var o=t.prototype,n=o.parse;o.parse=function(e){var t=e.date;return"string"==typeof t&&13===t.length&&console.warn("To parse a Unix timestamp like "+t+", you should pass it as a Number. https://day.js.org/docs/en/parse/unix-timestamp-milliseconds"),"number"==typeof t&&4===String(t).length&&console.warn("Guessing you may want to parse the Year "+t+", you should pass it as a String "+t+", not a Number. Otherwise, "+t+" will be treated as a Unix timestamp"),e.args.length>=2&&!s.p.customParseFormat&&console.warn("To parse a date-time string like "+t+" using the given format, you should enable customParseFormat plugin first. https://day.js.org/docs/en/parse/string-format"),n.bind(this)(e)};var a=s.locale;s.locale=function(e,t,o){return void 0===t&&"string"==typeof e&&(s.Ls[e]||console.warn("Guessing you may want to use locale "+e+", you have to load it before using it. https://day.js.org/docs/en/i18n/loading-into-nodejs")),a(e,t,o)};var i=o.diff;o.diff=function(e,t,o){return(!e||!s(e).isValid())&&console.warn("Invalid usage: diff() requires a valid comparison date as the first argument. https://day.js.org/docs/en/display/difference"),i.call(this,e,t,o)}}}}));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

debug

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #925c7986a8aa4e06 Environment-variable access.
pkgs/npm/[email protected]/src/browser.js:230
		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9165edc5d50a3e98 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:136
	let val = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e21cf8da9ac5c8f9 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:205
		process.env.DEBUG = namespaces;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a79e643299d0fe0 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:209
		delete process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc8ec0dd4ff388da Environment-variable access.
pkgs/npm/[email protected]/src/node.js:221
	return process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

esbuild

npm dependency
expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #010cf7ed5a98ab20 Filesystem access.
pkgs/npm/[email protected]/install.js:26
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f4f97d82aae0623 Environment-variable access.
pkgs/npm/[email protected]/install.js:29
var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7fc0ebc8635187a Filesystem access.
pkgs/npm/[email protected]/install.js:89
var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c75835c571e49224 Filesystem access.
pkgs/npm/[email protected]/install.js:186
    fs2.writeFileSync(path2.join(installDir, "package.json"), "{}");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #069d1a2b43081ac2 Filesystem access.
pkgs/npm/[email protected]/install.js:192
    binaryIntegrityCheck(pkg, subpath, fs2.readFileSync(installedBinPath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d865c9b13736965e Filesystem access.
pkgs/npm/[email protected]/install.js:217
  fs2.writeFileSync(toPath, `#!/usr/bin/env node
require('child_process').execFileSync(${pathString}, process.argv.slice(2), { stdio: 'inherit' });
`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fbf43a96100ddc6 Filesystem access.
pkgs/npm/[email protected]/install.js:221
  const code = fs2.readFileSync(libMain, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38595bd5b61627cc Filesystem access.
pkgs/npm/[email protected]/install.js:222
  fs2.writeFileSync(libMain, `var ESBUILD_BINARY_PATH = ${pathString};
${code}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #658f9191daf9d850 Filesystem access.
pkgs/npm/[email protected]/install.js:250
    fs2.writeFileSync(binPath, bytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0484941ae7949e48 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1020
            fs3.readFile(response.code, (err, contents) => {
              if (err !== null) {
                callback(err, null);
              } else {
                response.code = contents;
                next();
              }
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fecb761aeee47183 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1031
            fs3.readFile(response.map, (err, contents) => {
              if (err !== null) {
                callback(err, null);
              } else {
                response.map = contents;
                next();
              }
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95e4a8d7a74cb6c6 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1057
      start = () => fs3.writeFile(input, next);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a05ea93c1012d6cf Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1714
            contents = streamIn.readFileSync(match[1], "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2077364cb7e98c47 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:1886
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34fad0ee85d21a59 Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:1889
var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cf36ffbb437ac65 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:2080
var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #083270a1c62044cb Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:2084
if (process.env.ESBUILD_WORKER_THREADS !== "0") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #701a46824bd567e8 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:2122
      let contents = fs2.readFileSync(tempFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b00514a59811b2 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:2135
      fs2.writeFileSync(tempFile, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb7cb78e8d575426 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:2145
      fs2.readFile(tempFile, "utf8", (err, contents) => {
        try {
          fs2.unlink(tempFile, () => callback(err, contents));
        } catch {
          callback(err, contents);
        }
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78bc0dbb16dfdb52 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:2159
      fs2.writeFile(tempFile, contents, (err) => err !== null ? callback(null) : callback(tempFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f943033aac8e9c1b Environment-variable access.
pkgs/npm/[email protected]/lib/main.js:2380
    maxBuffer: +process.env.ESBUILD_MAX_BUFFER || 16 * 1024 * 1024

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 19 low-confidence finding(s)
low env_fs dependency Excluded from app score #a0ffcd8aafc01029 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:18
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac4b4c4a96bc6584 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:725
            fs.writeFileSync(result.filePath, result.output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65ea352ce126fbbd Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:835
                text: fs.readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8160d860ef8e583 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/file-enumerator.js:37
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0207231bee88dbb Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:12
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c850195295a2ef1 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:149
            results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293ed05679631d4d Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/load-rules.js:12
const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78e812dd7640e597 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:18
const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a74dd6bc24474c9 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:13
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e944d163a7b4571 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:14
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896fc5a351c84769 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:13
const fs = require("fs").promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39fabc0f234f3c59 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:14
const { existsSync } = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7da8b5af5749929c Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:649
                .map(r => fs.writeFile(r.filePath, r.output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a518b427ad7ef163 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:849
                return fs.readFile(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba3d8f4745f1820 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:1137
    switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f1327789bb11ccc Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:42
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38abaf7c60a927c3 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:54
    if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a1cb1f4ca4ef5a3 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:58
    if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdaa505de2f267b3 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:62
    const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jsdoc

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #66c899bfc26fc848 Filesystem access.
pkgs/npm/[email protected]/src/getJsdocProcessorPlugin.js:35
  readFileSync(join(import.meta.dirname, '../package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69f6f87cad6098cd Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:26
      readFileSync(join(process.cwd(), './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3d8999d612c13e6 Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:101
              readFileSync(join(process.cwd(), 'node_modules', mod, './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fast-glob

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #8e5dbec76ea07663 Filesystem access.
pkgs/npm/[email protected]/out/readers/reader.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca6c6582acf0f056 Filesystem access.
pkgs/npm/[email protected]/out/settings.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1907d71ed9d04e Filesystem access.
pkgs/npm/[email protected]/out/utils/fs.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-jetpack

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #348336f4d3c39fd6 Filesystem access.
pkgs/npm/[email protected]/lib/copy.js:100
  const data = fs.readFileSync(srcPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c9b241dc1e6b4bf Filesystem access.
pkgs/npm/[email protected]/lib/copy.js:102
    fs.writeFileSync(destPath, data, { mode, flag: "wx" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0c255304f9b1374 Filesystem access.
pkgs/npm/[email protected]/lib/copy.js:108
        fs.writeFileSync(destPath, data, { mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7298af67f7a98df2 Filesystem access.
pkgs/npm/[email protected]/lib/inspect.js:88
  const data = fs.readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82966d19af6a03b2 Filesystem access.
pkgs/npm/[email protected]/lib/read.js:60
    data = fs.readFileSync(path, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46330adee91f0b1 Filesystem access.
pkgs/npm/[email protected]/lib/read.js:95
    fs.readFile(path, { encoding })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #395f57bd8964e0fd Filesystem access.
pkgs/npm/[email protected]/lib/streams.js:3
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71b0a0f6ef0efaf4 Filesystem access.
pkgs/npm/[email protected]/lib/utils/fs.js:5
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4337802cfa1a168 Filesystem access.
pkgs/npm/[email protected]/lib/utils/tree_walker.js:3
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b972267fcf8b71f0 Filesystem access.
pkgs/npm/[email protected]/lib/write.js:46
    fs.writeFileSync(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6d398c871c5e335 Filesystem access.
pkgs/npm/[email protected]/lib/write.js:51
      fs.writeFileSync(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25f750eb030a2b67 Filesystem access.
pkgs/npm/[email protected]/lib/write.js:84
    fs.writeFile(path, data, options)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aefe495267e40760 Filesystem access.
pkgs/npm/[email protected]/lib/write.js:94
              return fs.writeFile(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae727fbc691d2b5 Filesystem access.
pkgs/npm/[email protected]/types.d.ts:5
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

husky

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #926cc5bb522eb90f Filesystem access.
pkgs/npm/[email protected]/bin.js:2
import f, { writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e23a068eb7bef5fd Filesystem access.
pkgs/npm/[email protected]/bin.js:12
	s = f.readFileSync(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #462b6392fde91671 Filesystem access.
pkgs/npm/[email protected]/bin.js:15
	w(n, JSON.stringify(o, 0, /\t/.test(s) ? '\t' : 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb6fa23590f0af4 Filesystem access.
pkgs/npm/[email protected]/bin.js:18
	w('.husky/pre-commit', (p.env.npm_config_user_agent?.split('/')[0] ?? 'npm') + ' test\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faa99512d2981580 Filesystem access.
pkgs/npm/[email protected]/index.js:2
import f, { readdir, writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #263577ce729a2787 Environment-variable access.
pkgs/npm/[email protected]/index.js:9
	if (process.env.HUSKY === '0') return 'HUSKY=0 skip install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8726c41be2a4973d Filesystem access.
pkgs/npm/[email protected]/index.js:20
	w(_('.gitignore'), '*')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdde02395bcb8acc Filesystem access.
pkgs/npm/[email protected]/index.js:22
	l.forEach(h => w(_(h), `#!/usr/bin/env sh\n. "\$(dirname "\$0")/h"`, { mode: 0o755 }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a35cf19b9433edb0 Filesystem access.
pkgs/npm/[email protected]/index.js:23
	w(_('husky.sh'), msg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lcov-result-merger

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #1ea0b393db27e1f6 Filesystem access.
pkgs/npm/[email protected]/bin/lcov-result-merger.js:68
    process.stdout.write(await readFile(tempFilePath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #682f2eb989fe6e35 Filesystem access.
pkgs/npm/[email protected]/index.js:92
    const fileContent = await readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6ee8834fb0eedde Filesystem access.
pkgs/npm/[email protected]/index.js:98
  await writeFile(tmpFile, Buffer.from(report.toString()), {
    encoding: 'utf-8',
    flag: 'w+',
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lint-staged

npm dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #60ed3d56ead4b8f4 Filesystem access.
pkgs/npm/[email protected]/lib/file.js:16
    return await fs.readFile(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c65d9d722c867495 Filesystem access.
pkgs/npm/[email protected]/lib/file.js:52
  await fs.writeFile(filename, buffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7529af5a547fa779 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:160
      readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec252c0723b272f Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:161
      readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2483a2ae4c9e807 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:162
      readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e2c797513fb9017 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:174
        this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0367ea5400661314 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:175
        this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #292a0d4c806b3f45 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:176
        this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #434454e52680bb3e Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:142
  debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c26fdc550fc2f05 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:143
  delete process.env.GIT_LITERAL_PATHSPECS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58795d99e4053fa Filesystem access.
pkgs/npm/[email protected]/lib/loadConfig.js:14
const readFile = async (filename) => fs.readFile(path.resolve(filename), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #249e4062d67ee544 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:42
    debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d2fbc1c917f7819 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:43
    delete process.env.GIT_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #349f4789eedc0576 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:44
    debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea90780c5c6e3221 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:45
    delete process.env.GIT_WORK_TREE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6452d935c779e703 Filesystem access.
pkgs/npm/[email protected]/lib/version.js:4
  const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mariadb

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #3a1bead07216a493 Filesystem access.
pkgs/npm/[email protected]/lib/cmd/handshake/auth/caching-sha2-password-auth.js:86
                  key = fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f38d716e8622bafc Filesystem access.
pkgs/npm/[email protected]/lib/cmd/handshake/auth/sha256-password-auth.js:54
              key = fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3791b1334d8b1614 Environment-variable access.
pkgs/npm/[email protected]/lib/config/connection-options.js:30
    this.user = opts.user || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdownlint-cli

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #d3da7dfba0f685c6 Filesystem access.
pkgs/npm/[email protected]/markdownlint.js:194
      fs.writeFileSync(options.output, lintResultString);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3623058d4e47c92 Filesystem access.
pkgs/npm/[email protected]/markdownlint.js:278
  const ignoreText = fs.readFileSync(ignorePath, fsOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c02f7adc53af8dc Filesystem access.
pkgs/npm/[email protected]/markdownlint.js:323
        const originalText = fs.readFileSync(file, fsOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a584038c447df0aa Filesystem access.
pkgs/npm/[email protected]/markdownlint.js:326
          fs.writeFileSync(file, fixedText, fsOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #f2e9e456241bca64 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:38
  yaml: filepath => require('js-yaml').load(fs.readFileSync(filepath, 'utf8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16416f83c8171d00 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:54
      require('strip-json-comments')(fs.readFileSync(filepath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efaaf8f2d6884a07 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:27
  const css = fs.readFileSync(path.join(srcdir, 'mocha.css'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3bbac1d8dd28211 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:28
  const js = fs.readFileSync(path.join(srcdir, 'mocha.js'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd4923eacb45e8d8 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:29
  const tmpl = fs.readFileSync(
    path.join(srcdir, 'lib', 'browser', 'template.html')
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfaa0e6146e514f0 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:32
  fs.writeFileSync(path.join(destdir, 'mocha.css'), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9287e7f52edefb7c Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:33
  fs.writeFileSync(path.join(destdir, 'mocha.js'), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e3f32c8520df88a Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:34
  fs.writeFileSync(path.join(destdir, 'tests.spec.js'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0914ab4ce72ff8bb Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:35
  fs.writeFileSync(path.join(destdir, 'index.html'), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e751b2ae8b65666d Filesystem access.
pkgs/npm/[email protected]/lib/cli/options.js:239
      configData = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c42830710225507 Environment-variable access.
pkgs/npm/[email protected]/lib/cli/options.js:302
  const envConfig = parse(process.env.MOCHA_OPTIONS || '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65525127b6cb2177 Environment-variable access.
pkgs/npm/[email protected]/lib/reporters/base.js:58
  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a10cc004491cba7e Filesystem access.
pkgs/npm/[email protected]/lib/reporters/json.js:90
        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mysql2

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7528f7a02828ac39 Environment-variable access.
pkgs/npm/[email protected]/lib/packets/index.js:60
  if (process.env.NODE_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-gyp

npm dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #21972b3ddf97c051 Filesystem access.
pkgs/npm/[email protected]/bin/node-gyp.js:53
  const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1659d01481f2f090 Environment-variable access.
pkgs/npm/[email protected]/lib/build.js:25
  const makeCommand = gyp.opts.make || process.env.MAKE || platformMake

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c51758c6ec84e5fd Environment-variable access.
pkgs/npm/[email protected]/lib/build.js:27
  const jobs = gyp.opts.jobs || process.env.JOBS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f5f98b2bfebc370 Filesystem access.
pkgs/npm/[email protected]/lib/build.js:46
      data = await fs.readFile(configPath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1228622d67d2bb18 Environment-variable access.
pkgs/npm/[email protected]/lib/build.js:199
      process.env.PATH = `${buildBinsDir}:${process.env.PATH}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f247b8475248346 Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:32
    process.env.PYTHON = python

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a0c8cd2612740e6 Filesystem access.
pkgs/npm/[email protected]/lib/configure.js:41
        const nodeVersionH = readFileSync(path.join(prefix,
          'include', 'node', 'node_version.h'), { encoding: 'utf8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1f7d0fcf6a41a5 Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:121
      process.env.GYP_MSVS_VERSION = Math.min(vsInfo.versionYear, 2015)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d99ac40e0dd419f7 Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:122
      process.env.GYP_MSVS_OVERRIDE_PATH = vsInfo.path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adcfab4839c27204 Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:216
      let zoslibIncPath = process.env.ZOSLIB_INCLUDES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb7d77f6015e3c5a Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:222
                          'to the correct path, or unset it to search %s', process.env.ZOSLIB_INCLUDES, nodeRootDir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcd92ea2e77e5488 Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:308
    if (process.env.PYTHONPATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a98eac52df47e8e0 Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:309
      pypath.push(process.env.PYTHONPATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e9efec8a2b402ee Environment-variable access.
pkgs/npm/[email protected]/lib/configure.js:311
    process.env.PYTHONPATH = pypath.join(win ? ';' : ':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0c8aa5117ccd42a Filesystem access.
pkgs/npm/[email protected]/lib/create-config-gypi.js:27
      const baseConfigGypi = await fs.readFile(baseConfigGypiPath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8294e82ad9a395ea Filesystem access.
pkgs/npm/[email protected]/lib/create-config-gypi.js:144
  await fs.writeFile(configPath, [prefix, json, ''].join('\n'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c539ccf66a90edf Filesystem access.
pkgs/npm/[email protected]/lib/download.js:31
  const ca = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79c50d580b692f68 Environment-variable access.
pkgs/npm/[email protected]/lib/find-python.js:14
const systemDrive = process.env.SystemDrive || 'C:'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caa25bed706f8a88 Environment-variable access.
pkgs/npm/[email protected]/lib/find-python.js:15
const username = process.env.USERNAME || process.env.USER || getOsUserInfo()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc76a06e24424cf Environment-variable access.
pkgs/npm/[email protected]/lib/find-python.js:16
const localAppData = process.env.LOCALAPPDATA || `${systemDrive}\\${username}\\AppData\\Local`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9960897e2b2b9ea7 Environment-variable access.
pkgs/npm/[email protected]/lib/find-python.js:17
const foundLocalAppData = process.env.LOCALAPPDATA || username

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f9280fb6c93a37 Environment-variable access.
pkgs/npm/[email protected]/lib/find-python.js:18
const programFiles = process.env.ProgramW6432 || process.env.ProgramFiles || `${systemDrive}\\Program Files`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e79b0be9b4deb55 Environment-variable access.
pkgs/npm/[email protected]/lib/find-python.js:19
const programFilesX86 = process.env['ProgramFiles(x86)'] || `${programFiles} (x86)`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b7bdae2db56d926 Filesystem access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:4
const { existsSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfc22ddc0535acca Environment-variable access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:47
    if (process.env.VCINSTALLDIR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3bfe04a6e059325 Environment-variable access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:49
        path.resolve(process.env.VCINSTALLDIR, '..')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ba8d097ad161a1 Environment-variable access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:145
      version: process.env.VSCMD_VER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5315235505370aa9 Environment-variable access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:155
    const envWindowsSDKVersion = process.env.WindowsSDKVersion

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #709dc888f6710733 Environment-variable access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:178
    const ps = path.join(process.env.SystemRoot, 'System32',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0201c1e4c940f09 Environment-variable access.
pkgs/npm/[email protected]/lib/find-visualstudio.js:242
    const ps = path.join(process.env.SystemRoot, 'System32',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #428d38e9b2958992 Filesystem access.
pkgs/npm/[email protected]/lib/install.js:76
      const ver = await fs.readFile(installVersionFile, 'ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff999b2733d1a9fc Filesystem access.
pkgs/npm/[email protected]/lib/install.js:265
        fs.writeFile(installVersionPath, gyp.package.installVersion + '\n'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d80e6b4b94299e3 Environment-variable access.
pkgs/npm/[email protected]/lib/log.js:161
const NULL_LOGGER = !!process.env.NODE_GYP_NULL_LOGGER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #119b4ed8c68cfa1c Environment-variable access.
pkgs/npm/[email protected]/lib/node-gyp.js:154
        this.opts[name.replaceAll('_', '-').toLowerCase()] = process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa6efe4f84caadcf Environment-variable access.
pkgs/npm/[email protected]/lib/process-release.js:64
  if (!overrideDistUrl && process.env.NODEJS_ORG_MIRROR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52b285a095d7879c Environment-variable access.
pkgs/npm/[email protected]/lib/process-release.js:65
    overrideDistUrl = process.env.NODEJS_ORG_MIRROR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #263701f6f0394aed Environment-variable access.
pkgs/npm/[email protected]/lib/util.js:16
  const reg = path.join(process.env.SystemRoot, 'System32', 'reg.exe')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-hook

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #a50e6fb70d168de0 Filesystem access.
pkgs/npm/[email protected]/index.js:11
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea80dc81198bd85e Filesystem access.
pkgs/npm/[email protected]/index.js:68
    var source = fs.readFileSync(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nx

npm dependency
expand_more 343 low-confidence finding(s)
low env_fs dependency Excluded from app score #ec9ae0f4c5ee541c Environment-variable access.
pkgs/npm/[email protected]/bin/init-local.js:15
    process.env.NX_CLI_SET = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8983eca42ccc94a2 Environment-variable access.
pkgs/npm/[email protected]/bin/init-local.js:119
    if (process.argv[2] === 'update' && process.env.FORCE_NG_UPDATE != 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34ae68161f833dc2 Environment-variable access.
pkgs/npm/[email protected]/bin/nx.js:41
        process.env.NX_DAEMON = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cb8958aca9ce936 Environment-variable access.
pkgs/npm/[email protected]/bin/nx.js:74
            process.env.NX_DAEMON = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde1a9a151a0a7ed Environment-variable access.
pkgs/npm/[email protected]/bin/nx.js:171
    if (process.env.NX_CLI_SET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af234dcae5b4fd9a Filesystem access.
pkgs/npm/[email protected]/bin/run-executor.js:3
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49f434612464346d Environment-variable access.
pkgs/npm/[email protected]/bin/run-executor.js:5
if (process.env.NX_TERMINAL_OUTPUT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaf5c7cad1024720 Environment-variable access.
pkgs/npm/[email protected]/bin/run-executor.js:6
    setUpOutputWatching(process.env.NX_TERMINAL_CAPTURE_STDERR === 'true', process.env.NX_STREAM_OUTPUT === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8899cf7733d5eea Environment-variable access.
pkgs/npm/[email protected]/bin/run-executor.js:8
if (!process.env.NX_WORKSPACE_ROOT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec6a6f78b0c08b15 Environment-variable access.
pkgs/npm/[email protected]/bin/run-executor.js:12
process.env.NX_CLI_SET = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9044129470b8dc02 Environment-variable access.
pkgs/npm/[email protected]/bin/run-executor.js:27
    const outputPath = process.env.NX_TERMINAL_OUTPUT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccec7790d92533e9 Environment-variable access.
pkgs/npm/[email protected]/bin/run-executor.js:59
        const statusCode = await (0, run_1.run)(process.cwd(), process.env.NX_WORKSPACE_ROOT, message.targetDescription, message.overrides, message.isVerbose, message.taskGraph);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d402ff9ea37aa83d Filesystem access.
pkgs/npm/[email protected]/src/adapter/angular-json.js:9
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4f84190dd6ce4bd Filesystem access.
pkgs/npm/[email protected]/src/adapter/decorate-cli.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bccdd0c58155f1a Filesystem access.
pkgs/npm/[email protected]/src/ai/set-up-ai-agents/set-up-ai-agents.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae03991e1efb3a9c Environment-variable access.
pkgs/npm/[email protected]/src/ai/set-up-ai-agents/set-up-ai-agents.js:19
    if (process.env.NX_AI_FILES_USE_LOCAL === 'true' || inner) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08d5d3cde5ba4f1f Filesystem access.
pkgs/npm/[email protected]/src/ai/utils.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff4364071624db29 Filesystem access.
pkgs/npm/[email protected]/src/command-line/add/add.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e9ef394ff5318c2 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/add/add.js:86
                process.env.NX_ADD_PLUGINS !== 'false'))) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9276b8414d3e6934 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/affected/affected.js:19
    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f191585bd20afe1f Environment-variable access.
pkgs/npm/[email protected]/src/command-line/affected/command-object.js:21
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0f2a4cb14f7330c Environment-variable access.
pkgs/npm/[email protected]/src/command-line/affected/command-object.js:32
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cfae40fcf559e4 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/affected/command-object.js:46
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e504f4e2059ef05 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/affected/command-object.js:60
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6af663f278ea054a Environment-variable access.
pkgs/npm/[email protected]/src/command-line/affected/command-object.js:74
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f682461ca8bfbe37 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/configure-ai-agents/configure-ai-agents.js:16
    if (process.env.NX_AI_FILES_USE_LOCAL === 'true' || inner) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66080070ffa7a2cf Filesystem access.
pkgs/npm/[email protected]/src/command-line/exec/exec.js:8
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d05fa43350af5d6 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/exec/exec.js:26
    if (process.env.NX_TASK_TARGET_PROJECT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91877575afb75b51 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/exec/exec.js:34
                NX_PROJECT_NAME: process.env.NX_TASK_TARGET_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbdd1f5fa0c54676 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/exec/exec.js:35
                NX_PROJECT_ROOT_PATH: projectGraph.nodes?.[process.env.NX_TASK_TARGET_PROJECT]?.data?.root,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4aef9a5949d5fb6d Environment-variable access.
pkgs/npm/[email protected]/src/command-line/exec/exec.js:47
    const targetName = process.env.npm_lifecycle_event;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b41eedf421b019b8 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/format/command-object.js:56
            process.env.NX_FORMAT_SORT_TSCONFIG_PATHS !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9f7d3a8ae76a69 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/format/command-object.js:58
        process.env.NX_FORMAT_SORT_TSCONFIG_PATHS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba1b6258eea1ca0 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/command-object.js:41
        if (process.env.NX_INTERACTIVE === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064525e4c6f37b72 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/command-object.js:45
            process.env.NX_INTERACTIVE = `${args.interactive}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5c15ed1da75252 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/command-object.js:47
        if (process.env.NX_DRY_RUN === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db59e6b38f498e0d Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/command-object.js:51
            process.env.NX_DRY_RUN = `${args.dryRun}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22d9205dc49c2d28 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/command-object.js:53
        if (process.env.NX_GENERATE_QUIET === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e6457a2c105419 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/command-object.js:57
            process.env.NX_GENERATE_QUIET = `${args.quiet}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf14b6df7a1ba962 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/generate/generator-utils.js:41
        throw new Error(`Unable to resolve ${collectionName}:${generatorName}.\n${process.env.NX_VERBOSE_LOGGING === 'true' ? e.stack : e.message}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46c3158afe7a32ab Environment-variable access.
pkgs/npm/[email protected]/src/command-line/import/import.js:27
    process.env.NX_RUNNING_NX_IMPORT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85a7137801ef6bc2 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/command-object.js:28
    return (process.env['NX_ADD_PLUGINS'] !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53e418b32240352c Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/configure-plugins.js:18
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9687519d4a089378 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/configure-plugins.js:64
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264b2c2b8e2a6e76 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/add-nx-to-monorepo.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8375bb21b58fb3 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/angular/standalone-workspace.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #413d7d62ab309a35 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/add-nx-scripts.js:11
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6735b8220d676ca Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:11
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c70b126e270638 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:55
    fs.writeFileSync(installationPath, JSON.stringify({
        name: 'nx-installation',
        devDependencies: {
            nx: nxJson.installation.version,
            ...nxJson.installation.plugins,
        },
    }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7355b91d189b2787 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:71
        fs.writeFileSync(installationPath, JSON.stringify(currentInstallation));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2979d551d3765be3 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:113
if (!process.env.NX_WRAPPER_SKIP_INSTALL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced472c8995d7080 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/react/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19fda20bd6168416 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/react/write-vite-config.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #424c88ca1070a5a4 Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/react/write-vite-index-html.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21f669c0ded0ea1f Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/implementation/utils.js:22
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72092e796038ac6e Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/init-v1.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #883b7faba33c1fe7 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v1.js:21
    const version = process.env.NX_VERSION ?? ((0, semver_1.prerelease)(versions_1.nxVersion) ? versions_1.nxVersion : 'latest');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #370dd3ddef84140e Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v1.js:22
    if (process.env.NX_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a78be144bd92292 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23
        console.log(`Using version ${process.env.NX_VERSION}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf624efbbb8d079a Filesystem access.
pkgs/npm/[email protected]/src/command-line/init/init-v2.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4541527ea5590176 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v2.js:28
    process.env.NX_RUNNING_NX_INIT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d025f6f74e2ddfcb Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v2.js:29
    const version = process.env.NX_VERSION ?? ((0, semver_1.prerelease)(versions_1.nxVersion) ? versions_1.nxVersion : 'latest');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a851a2fb5f4a6d77 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v2.js:30
    if (process.env.NX_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab28853e04e1872f Environment-variable access.
pkgs/npm/[email protected]/src/command-line/init/init-v2.js:31
        output_1.output.log({ title: `Using version ${process.env.NX_VERSION}` });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3fb0ce966895478 Filesystem access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate-ui-api.js:18
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0192ed05f45f886e Filesystem access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:29
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4caf171f88a12230 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:555
        if (process.env.NX_MIGRATE_SKIP_REGISTRY_FETCH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd2e8838a3c978bc Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:850
        const bodyLines = process.env['NX_CONSOLE']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48bff4b721aaf497 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:939
        process.env.npm_config_legacy_peer_deps ??= 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46a6984f16437033 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1062
    if (!process.env.NX_MIGRATE_SKIP_INSTALL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8c4d73b16f078c2 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1125
    const host = new tree_1.FsTree(root, process.env.NX_VERBOSE_LOGGING === 'true', `migration ${collection.name}:${name}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #719a6ad274d9ab4d Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1141
    return (0, handle_errors_1.handleErrors)(process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17eff8948adf1b8d Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1157
    if (process.env.NX_MIGRATE_USE_LOCAL === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #484aae8af6286edd Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1165
            if (process.env.npm_config_registry &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1dcf963fdf745cc Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1166
                process.env.npm_config_registry.match(/^https:\/\/registry\.(npmjs\.org|yarnpkg\.com)/)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cadb5dd80ec4fe25 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1167
                delete process.env.npm_config_registry;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e48c126b124efee4 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1208
    const version = process.env.NX_MIGRATE_CLI_VERSION || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff831198b8d2223b Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1209
    const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16e6b809897c5c2f Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1268
    const paths = process.env.NODE_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afa4f800d6753e21 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1269
        ? process.env.NODE_PATH.split(delimiter)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f191089c51ee01ab Environment-variable access.
pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1274
    process.env.NODE_PATH = paths.join(delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e64f59f94164f74e Environment-variable access.
pkgs/npm/[email protected]/src/command-line/new/new.js:16
    return (0, handle_errors_1.handleErrors)(process.env.NX_VERBOSE_LOGGING === 'true' || args.verbose, async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2622ce8c5221e699 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/command-object.js:13
        const checkRemote = process.env.NX_SKIP_CHECK_REMOTE !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85745eccd6690d89 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:30
            process.env.NX_CLOUD_AUTH_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee65e15b314b440a Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:31
            process.env.NX_CLOUD_ACCESS_TOKEN) && !nxJson.nxCloudId);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3154e570bf6eac36 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:61
    const installationSource = process.env.NX_CONSOLE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9c243af4f84179 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:76
        const token = process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37812fd3fa718fd8 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:77
            process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #189b808c48cf1c29 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/nx-cloud/login/login.js:7
        process.env.NX_CLOUD_API = args.nxCloudUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a638c3223468f1 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/changelog.js:85
            process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9291c884e6e39cb1 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/config/use-legacy-versioning.js:6
    return process.env.NX_INTERNAL_USE_LEGACY_VERSIONING === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db87ff10a58719fd Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/publish.js:68
            process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a722fd8ca40029 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/publish.js:86
                    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa3968c0b16841b Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/publish.js:101
                loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a25c79db8e8600eb Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/publish.js:132
        process.env.NX_DRY_RUN = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fc7d3bbcf232f17 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/publish.js:184
    process.env.NX_TUI = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb3e6614bba550bf Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/release.js:72
        process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfef23c1d4f9a3ba Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/launch-editor.js:7
    const editorCommand = process.env.GIT_EDITOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #862b2061d7d3e45e Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/launch-editor.js:9
        process.env.VISUAL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f77806926bc0b925 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/launch-editor.js:10
        process.env.EDITOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd71e863d59e81ea Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:68
        const tokenFromEnv = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1b0f7afa1086206 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:73
        const ghCLIPath = (0, path_1.joinPathFragments)(process.env.XDG_CONFIG_HOME || (0, path_1.joinPathFragments)((0, node_os_1.homedir)(), '.config'), 'gh', 'hosts.yml');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45dc077c0104bc2e Filesystem access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:75
            const yamlContents = await node_fs_1.promises.readFile(ghCLIPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f1d75983fc08de0 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:58
            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49338ea9bbff34f5 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:69
        const tokenFromEnv = process.env.GITLAB_TOKEN || process.env.GL_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #926e5dd0404af0ef Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:74
        if (process.env.CI_JOB_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2d22b440629ec89 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:75
            return { token: process.env.CI_JOB_TOKEN, headerName: 'JOB-TOKEN' };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268a40b648f06f90 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/version-legacy.js:55
        process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b61a7b5d48e2d02 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/version.js:87
            process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0472b47c14127526 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/release/version/resolve-current-version.js:217
    if (process.env.CI === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8a595772217fcab Environment-variable access.
pkgs/npm/[email protected]/src/command-line/run-many/command-object.js:12
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b22405a6d7cf39 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/run-many/run-many.js:17
    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83259696fe7ece94 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/run-many/run-many.js:24
        process.env.NX_VERBOSE_LOGGING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #114875fd345a9b51 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/run/command-object.js:18
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f1e82b10ee9861 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/run/command-object.js:32
        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cee044e7de643256 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/run/run-one.js:18
    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eb2e4139a9172d8 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/watch/watch.js:12
        return process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bcd0fb12e0e0bff Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:49
            process.env.NX_TUI_AUTO_EXIT = args.tuiAutoExit.toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07f8f768c2429439 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:51
        else if (process.env.NX_TUI_AUTO_EXIT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ea9cf18503a131a Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:52
            args.tuiAutoExit = coerceTuiAutoExit(process.env.NX_TUI_AUTO_EXIT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab6a4a0b27c2c189 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:163
        args.verbose ??= process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b983cd12fda4b010 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:165
        process.env.NX_VERBOSE_LOGGING = args.verbose.toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccac95a30b424408 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:173
            return v || process.env.NX_BATCH_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b1ce363ebf14df4 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:270
            process.env.NX_TUI = useTui.toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6652f0547d27eb9a Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:314
        (process.env.NX_PARALLEL && args['parallel'] === undefined)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52b1997913940bb4 Environment-variable access.
pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:317
            process.env.NX_PARALLEL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c25367b2058361 Environment-variable access.
pkgs/npm/[email protected]/src/commands-runner/create-command-graph.js:51
        if (process.env.NX_IGNORE_CYCLES === 'true' || nxArgs.nxIgnoreCycles) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e34d8a89636ea72 Environment-variable access.
pkgs/npm/[email protected]/src/config/calculate-default-project-name.js:19
            else if (process.env.NX_DEFAULT_PROJECT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dfdbc54857f1601 Environment-variable access.
pkgs/npm/[email protected]/src/config/calculate-default-project-name.js:20
                return process.env.NX_DEFAULT_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68e46a0865895b8c Environment-variable access.
pkgs/npm/[email protected]/src/config/calculate-default-project-name.js:29
    return (process.env.NX_DEFAULT_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #010f543f588c5090 Filesystem access.
pkgs/npm/[email protected]/src/config/nx-json.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c42d2b7993267d2 Filesystem access.
pkgs/npm/[email protected]/src/config/schema-utils.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6af8a845c9ea8bb Environment-variable access.
pkgs/npm/[email protected]/src/daemon/client/client.js:66
            const env = process.env.NX_DAEMON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24bff4e684aa041d Filesystem access.
pkgs/npm/[email protected]/src/daemon/server/server.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37a673fdcf22d40e Filesystem access.
pkgs/npm/[email protected]/src/daemon/socket-utils.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b730dc0e952d60ce Environment-variable access.
pkgs/npm/[email protected]/src/daemon/tmp-dir.js:55
        const dir = process.env.NX_SOCKET_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8e5e3c5e78364f2 Environment-variable access.
pkgs/npm/[email protected]/src/daemon/tmp-dir.js:56
            process.env.NX_DAEMON_SOCKET_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb5038969ac63e69 Environment-variable access.
pkgs/npm/[email protected]/src/executors/run-commands/run-commands.impl.js:57
        process.env.NX_NATIVE_COMMAND_RUNNER !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca059568b8529edf Environment-variable access.
pkgs/npm/[email protected]/src/executors/run-commands/run-commands.impl.js:70
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ba3cb6809c8dc1e Environment-variable access.
pkgs/npm/[email protected]/src/executors/run-commands/running-tasks.js:210
        if (process.env.NX_NATIVE_COMMAND_RUNNER !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c25557fccdf2240e Environment-variable access.
pkgs/npm/[email protected]/src/executors/run-commands/running-tasks.js:399
    if (process.env.NX_LOAD_DOT_ENV_FILES !== 'false' && envFile) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f0ebb6960e58ae Environment-variable access.
pkgs/npm/[email protected]/src/generators/testing-utils/create-tree-with-empty-workspace.js:17
    process.env.INIT_CWD = workspace_root_1.workspaceRoot;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6df7ef0bc48e0790 Environment-variable access.
pkgs/npm/[email protected]/src/hasher/hash-task.js:15
    if (process.env.NX_DISABLE_DB === 'true' || native_1.IS_WASM) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7fbfa589ffba677 Environment-variable access.
pkgs/npm/[email protected]/src/native/assert-supported-platform.js:21
            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e61a0acc02fa880 Filesystem access.
pkgs/npm/[email protected]/src/native/index.js:2
const { copyFileSync, existsSync, mkdirSync, renameSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1e21f46581eca9 Environment-variable access.
pkgs/npm/[email protected]/src/native/index.js:66
  const useNativeFileCache = process.env.NX_SKIP_NATIVE_FILE_CACHE !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6ccc42739cd3a92 Filesystem access.
pkgs/npm/[email protected]/src/native/native-bindings.js:5
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ce6105aac2aa69f Filesystem access.
pkgs/npm/[email protected]/src/native/native-bindings.js:28
    return readFileSync('/usr/bin/ldd', 'utf-8').includes('musl')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d4bbefecbbbe515 Environment-variable access.
pkgs/npm/[email protected]/src/native/native-bindings.js:334
if (!nativeBinding || process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f966d3b0c3713839 Environment-variable access.
pkgs/npm/[email protected]/src/native/native-bindings.js:338
    if (process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3158e862f9c5157 Environment-variable access.
pkgs/npm/[email protected]/src/native/native-bindings.js:346
      if (process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e2fd4f814d17f3 Environment-variable access.
pkgs/npm/[email protected]/src/native/native-file-cache-location.js:10
    if (process.env.NX_NATIVE_FILE_CACHE_DIRECTORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f855364cf4af13 Environment-variable access.
pkgs/npm/[email protected]/src/native/native-file-cache-location.js:11
        return process.env.NX_NATIVE_FILE_CACHE_DIRECTORY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a9db08cb87901b8 Filesystem access.
pkgs/npm/[email protected]/src/native/nx.wasi.cjs:48
const { instance: __napiInstance, module: __wasiModule, napiModule: __napiModule } = __emnapiInstantiateNapiModuleSync(__nodeFs.readFileSync(__wasmFilePath), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d645dba7ab40535 Environment-variable access.
pkgs/npm/[email protected]/src/native/nx.wasi.cjs:51
    const threadsSizeFromEnv = Number(process.env.NAPI_RS_ASYNC_WORK_POOL_SIZE ?? process.env.UV_THREADPOOL_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdd67d0c55cab74d Filesystem access.
pkgs/npm/[email protected]/src/native/wasi-worker.mjs:22
    ;(0, eval)(fs.readFileSync(f, "utf8") + "//# sourceURL=" + f);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc842b80b775ab6 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/debug-logger.js:5
    if (process.env['NX_VERBOSE_LOGGING'] === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acf7b6d3ebe1050e Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/generators/connect-to-nx-cloud/connect-to-nx-cloud.js:86
            const overrideUrl = process.env.NX_CLOUD_API || process.env.NRWL_API;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eec055e9bfe1718 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/generators/connect-to-nx-cloud/connect-to-nx-cloud.js:99
            const overrideUrl = process.env.NX_CLOUD_API || process.env.NRWL_API;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaa48ce6b4ff459d Filesystem access.
pkgs/npm/[email protected]/src/nx-cloud/resolution-helpers.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f85b1e8d380a434f Filesystem access.
pkgs/npm/[email protected]/src/nx-cloud/update-manager.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbbc29281902e84f Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/update-manager.js:125
    if (process.env.NX_CLOUD_FORCE_REVALIDATE === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d41094471f4b629c Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/axios.js:8
    const baseUrl = process.env.NX_CLOUD_API || options.url || 'https://cloud.nx.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79930b293c8751e8 Filesystem access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02e4f2322422b72e Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:11
process.env.NX_CLOUD_AGENT_TIMEOUT_MS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #453314c51b202ac2 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:12
    ? Number(process.env.NX_CLOUD_AGENT_TIMEOUT_MS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f1595a2bf557a49 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:15
process.env.NX_CLOUD_ORCHESTRATOR_TIMEOUT_MS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22a23f29105bd3f7 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:16
    ? Number(process.env.NX_CLOUD_ORCHESTRATOR_TIMEOUT_MS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9696b51b8b2590a Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:19
process.env.NX_CLOUD_DISTRIBUTED_EXECUTION_AGENT_COUNT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #805b3d0fde4cc15a Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:20
    ? Number(process.env.NX_CLOUD_DISTRIBUTED_EXECUTION_AGENT_COUNT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af5d8ae018a565bb Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:22
process.env.NX_CLOUD_NUMBER_OF_RETRIES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #077c7e2609240378 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:23
    ? Number(process.env.NX_CLOUD_NUMBER_OF_RETRIES)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25e8b2ea823727ee Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:40
        process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546c4f9f01df2189 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:41
            process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3806adf46323d44 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:45
        process.env.NX_CLOUD_NO_TIMEOUTS === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e164863b5afbdc86 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/get-cloud-options.js:16
    return removeTrailingSlash(process.env.NX_CLOUD_API || process.env.NRWL_API || `https://cloud.nx.app`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1378a767b036c58 Environment-variable access.
pkgs/npm/[email protected]/src/nx-cloud/utilities/url-shorten.js:78
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10a320c63694946e Filesystem access.
pkgs/npm/[email protected]/src/plugins/js/index.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0720dd0b03e9c56 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/lock-file/lock-file.js:249
    return (process.env.npm_command === 'install' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e562bc53f0c0c640 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/lock-file/lock-file.js:250
        process.env.npm_lifecycle_event === 'postinstall');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44cfdd5344b4448 Filesystem access.
pkgs/npm/[email protected]/src/plugins/js/lock-file/npm-parser.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59fe129385b41d34 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/lock-file/npm-parser.js:512
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93daf5b06301ae83 Filesystem access.
pkgs/npm/[email protected]/src/plugins/js/package-json/create-package-json.js:8
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6779700ea460fcb5 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/project-graph/build-dependencies/explicit-package-json-dependencies.js:57
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c59b37121d67115 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/project-graph/build-dependencies/target-project-locator.js:169
            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b87c9722bd7ec207 Filesystem access.
pkgs/npm/[email protected]/src/plugins/js/project-graph/build-nodes/build-npm-package-nodes.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e227418e8a38ff0 Filesystem access.
pkgs/npm/[email protected]/src/plugins/js/utils/config.js:7
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44bea7a10ce2a1cb Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/utils/register.js:34
    if (process.env._?.endsWith(`${path_1.sep}tsx`)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8a079d6767ad3cb Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/utils/register.js:70
        process.env.TS_NODE_COMPILER_OPTIONS ??= JSON.stringify({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029911f7de002611 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/utils/register.js:160
    const preferTsNode = process.env.NX_PREFER_TS_NODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce4e70ff5f099cc8 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/js/utils/register.js:268
    const preferTsNode = process.env.NX_PREFER_TS_NODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b54358be701055 Filesystem access.
pkgs/npm/[email protected]/src/plugins/js/utils/typescript.js:11
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b91b50e439b8a9bb Environment-variable access.
pkgs/npm/[email protected]/src/plugins/package-json/create-nodes.js:29
        const isInPackageJsonWorkspaces = process.env.NX_INFER_ALL_PACKAGE_JSONS === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb1e53fe314da3e Filesystem access.
pkgs/npm/[email protected]/src/project-graph/affected/locators/project-glob-changes.js:7
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22f4af6b9f2dda33 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/affected/locators/project-glob-changes.js:15
        if (process.env.NX_FORCE_REUSE_CACHED_GRAPH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04edd4b735aecb2d Filesystem access.
pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:18
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b666d743721684f Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:201
        else if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bacc8e46439d3154 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:274
        else if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6db317ad4cc573 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/error-types.js:262
        if (e.stack && process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbed97d5710b7eac Filesystem access.
pkgs/npm/[email protected]/src/project-graph/file-utils.js:10
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10cdda5e4f577af Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/plugins/isolation/enabled.js:7
    if (process.env.NX_ISOLATE_PLUGINS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f30115e49b9a3e8 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/plugins/isolation/enabled.js:12
    process.env.NX_ISOLATE_PLUGINS === 'false' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d29af1593ad1922 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-pool.js:16
const MAX_MESSAGE_WAIT = process.env.NX_PLUGIN_NO_TIMEOUTS === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5ff062171fa419d Filesystem access.
pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:9
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1c758aa0a857ac3 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:10
if (process.env.NX_PERF_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beebc3bc2e4e4036 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:189
if (process.env.NX_PLUGIN_NO_TIMEOUTS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e20bdc14348fe522 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/plugins/tasks-execution-hooks.js:39
            process.env[key] = env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da3fff028c5693f4 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/project-graph.js:103
    const cacheEnabled = process.env.NX_CACHE_PROJECT_GRAPH !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e52a02ae9e43f76 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/project-graph.js:141
        const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d4e9730d0093918 Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/project-graph.js:206
    if (process.env.NX_FORCE_REUSE_CACHED_GRAPH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b537bdfb00963fc Environment-variable access.
pkgs/npm/[email protected]/src/project-graph/utils/project-configuration-utils.js:253
        else if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdabf24e1c1d53ef Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:38
    process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE === '0' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f26c3dd361522f0 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:39
        process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #060af9e5f6784d2a Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:59
        this.cache = new native_1.NxCache(workspace_root_1.workspaceRoot, cache_directory_1.cacheDir, (0, db_connection_1.getDbConnection)(), process.env.NX_DISABLE_DB !== 'true', resolveMaxCacheSize(this.nxJson));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2c5407b6a636442 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:60
        this.isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13d883e8fd34c4d6 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:197
        if (process.env.NX_SELF_HOSTED_REMOTE_CACHE_SERVER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a49945309d1cffa Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:291
                if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4740fde1455747 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:440
            if (process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE != '0' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5339e2d8115850e6 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:441
                process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE != 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d56bdebcffdab75 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/cache.js:495
    const rawMaxCacheSize = process.env.NX_MAX_CACHE_SIZE ?? nxJson.maxCacheSize;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fd3551e323191fd Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/fork.js:11
if (process.env['NX_PSEUDO_TERMINAL_EXEC_ARGV']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268604e7e532d496 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/fork.js:12
    execArgv = process.env['NX_PSEUDO_TERMINAL_EXEC_ARGV'].split('|');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #377901a08cd7e8d0 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/fork.js:13
    delete process.env['NX_PSEUDO_TERMINAL_EXEC_ARGV'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52efdd76bb850975 Filesystem access.
pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf38f0fe47a67c23 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:23
        this.verbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65914a50f4b78f42 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:85
            process.env.NX_PREFIX_OUTPUT === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e306737976f89681 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/init-tasks-runner.js:27
        process.env.NX_VERBOSE_LOGGING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec00e2f1a3a8785c Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:12
    return process.env.NX_TUI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7435ddaa1c28b5a Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:24
function shouldUseTui(nxJson, nxArgs, skipCapabilityCheck = process.env.NX_TUI_SKIP_CAPABILITY_CHECK === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6de964b4589b7c32 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:48
    if (typeof process.env.NX_TUI === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ada7a1a28b05456a Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:49
        return process.env.NX_TUI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38a0cafddae9bfca Filesystem access.
pkgs/npm/[email protected]/src/tasks-runner/life-cycles/store-run-information-life-cycle.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dac70c1936143e9f Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/life-cycles/store-run-information-life-cycle.js:73
            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83a9cd1596c2ce8d Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/life-cycles/task-history-life-cycle.js:17
            process.env.NX_DISABLE_DB !== 'true' && !native_1.IS_WASM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18dc6a478d72c0aa Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/pseudo-terminal.js:169
    if (process.env.NX_WINDOWS_PTY_SUPPORT !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #562776842ee8fa95 Filesystem access.
pkgs/npm/[email protected]/src/tasks-runner/remove-old-cache-records.js:3
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5db0f14d1d71e9d Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:54
        process.env.NX_TUI = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c47ea8891369400 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:271
        if (process.env.NX_IGNORE_CYCLES === 'true' || nxArgs.nxIgnoreCycles) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82efaea3043d2307 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:288
        !process.env['NX_SKIP_ATOMIZER_VALIDATION']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5575eafb44147c7f Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:294
    const status = await (0, handle_errors_1.handleErrors)(process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #658ffa2878ca7e2a Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:306
                process.env.NX_SKIP_NX_CACHE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #466adee895329e1b Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:307
                process.env.NX_DISABLE_NX_CACHE === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0308080bb62701a0 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:610
        process.env.NX_BATCH_MODE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2cf0f0db0519575 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:612
        process.env.NX_STREAM_OUTPUT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6667b2004a5330d9 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:613
        process.env.NX_PREFIX_OUTPUT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ae010e3028eea77 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:616
        process.env.NX_STREAM_OUTPUT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d7de4597855268 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:619
        process.env.NX_LOAD_DOT_ENV_FILES = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #456b891411e2b8df Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:707
    if (process.env.NX_PERF_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #013a8b53bbda0f9b Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:710
    if (process.env.NX_PROFILE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #857a3c9e2459ae2f Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:711
        lifeCycles.push(new task_profiling_life_cycle_1.TaskProfilingLifeCycle(process.env.NX_PROFILE));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e5394d18b40bd71 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:738
    if (process.env.NX_BATCH_MODE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #186dd24f37da2518 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:739
        process.env.NX_VERBOSE_LOGGING === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71e18385ccb23e3d Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:740
        process.env.NX_TASKS_RUNNER_DYNAMIC_OUTPUT === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c27da939184e9bac Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:790
    if (process.env.CODEX_ENV_NODE_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb6345e18a96893b Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:806
        process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41f703721e3e73fe Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/run-command.js:807
        process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0529f4f052b7273 Filesystem access.
pkgs/npm/[email protected]/src/tasks-runner/running-tasks/node-child-process.js:5
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6da70f75095a195d Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/running-tasks/node-child-process.js:16
            if (process.env.NX_PREFIX_OUTPUT === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ab36c063a5e20bc Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-env.js:17
        ...getNxEnvVariablesForForkedProcess(process.env.FORCE_COLOR === undefined ? 'true' : process.env.FORCE_COLOR, skipNxCache, captureStderr),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f506fd4f392e75a3 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-env.js:23
    return process.env.NX_LOAD_DOT_ENV_FILES === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c19ad85d2f31ad9 Filesystem access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b67b1063a39f5c2 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:284
            ? (0, task_env_1.getEnvVariablesForTask)(task, taskSpecificEnv, process.env.FORCE_COLOR === undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13606ef3a34ce460 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:286
                : process.env.FORCE_COLOR, this.options.skipNxCache, this.options.captureStderr, null, null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ed6c619adb92e45 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:304
        const shouldPrefix = streamOutput && process.env.NX_PREFIX_OUTPUT === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2b3c944dcb4f4ea Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:306
        if (process.env.NX_RUN_COMMANDS_DIRECTLY !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6dd1a52e90bef3a Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:311
                const combinedOptions = (0, params_1.combineOptionsForExecutor)(task.overrides, task.target.configuration ?? targetConfiguration.defaultConfiguration, targetConfiguration, schema, task.target.project, (0, path_1.relative)(task.projectRoot ?? workspace_root_1.workspaceRoot, process.cwd()), process.env.NX_VERBOSE_LOGGING === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a63b255a64778c4 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:374
                if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293bccf0ab783727 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:424
            const usePtyFork = process.env.NX_NATIVE_COMMAND_RUNNER !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1c3605d609063d6 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:447
            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b816d513935bab9 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:497
            ? (0, task_env_1.getEnvVariablesForTask)(task, taskSpecificEnv, process.env.FORCE_COLOR === undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6b5f2e005209fbc Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:499
                : process.env.FORCE_COLOR, this.options.skipNxCache, this.options.captureStderr, null, null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5bb2c0c57116e6 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:625
            if (process.env.NX_NATIVE_COMMAND_RUNNER !== 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de92e3272549b845 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:630
                process.env.NX_STREAM_OUTPUT === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5226cea2a33e426 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:638
            (process.env.NX_CACHE_FAILURES == 'true' ? true : code === 0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f634f46147850e3 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/tasks-schedule.js:81
        if (this.options.batch || process.env.NX_BATCH_MODE === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec49c89333383d42 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/utils.js:377
    if (process.env.NX_STREAM_OUTPUT === 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96e652429d07c269 Environment-variable access.
pkgs/npm/[email protected]/src/tasks-runner/utils.js:379
    if (process.env.NX_STREAM_OUTPUT === 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f08373ac2dd75478 Environment-variable access.
pkgs/npm/[email protected]/src/utils/ab-testing.js:47
            if (process.env.NX_GENERATE_DOCS_PROCESS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9214d6fa180148ba Environment-variable access.
pkgs/npm/[email protected]/src/utils/ab-testing.js:87
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82a4ef7f682eea97 Filesystem access.
pkgs/npm/[email protected]/src/utils/cache-directory.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d537fd94144b470c Environment-variable access.
pkgs/npm/[email protected]/src/utils/cache-directory.js:29
    const cacheDirFromEnv = process.env.NX_CACHE_DIRECTORY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #684df926e67d794d Environment-variable access.
pkgs/npm/[email protected]/src/utils/cache-directory.js:68
    return absolutePath(workspaceRoot, process.env.NX_WORKSPACE_DATA_DIRECTORY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #620674c3518f65b3 Environment-variable access.
pkgs/npm/[email protected]/src/utils/cache-directory.js:69
        process.env.NX_PROJECT_GRAPH_CACHE_DIRECTORY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3619f119f83304 Filesystem access.
pkgs/npm/[email protected]/src/utils/child-process.js:8
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9912bd6edc9efb35 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:78
        if (!nxArgs.base && process.env.NX_BASE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f4d82684edf8bb2 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:79
            nxArgs.base = process.env.NX_BASE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8317a630a80b21a6 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:86
        if (!nxArgs.head && process.env.NX_HEAD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #591bcd86f808aa3f Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:87
            nxArgs.head = process.env.NX_HEAD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e87307371589e67 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:117
            process.env.NX_SKIP_NX_CACHE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e012aa176db843d Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:118
                process.env.NX_DISABLE_NX_CACHE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c20a1953dd11bbc Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:122
            process.env.NX_DISABLE_REMOTE_CACHE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #984173c2f8196f75 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:123
                process.env.NX_SKIP_REMOTE_CACHE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c253d3c604e6b7e2 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:132
        const runner = process.env[envKey];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2564276a39b46b03 Environment-variable access.
pkgs/npm/[email protected]/src/utils/command-line-utils.js:142
                    process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9a2d9b4c71a403c Environment-variable access.
pkgs/npm/[email protected]/src/utils/git-utils.index-filter.js:11
    const src = process.env.NX_IMPORT_SOURCE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2474620d558e2174 Environment-variable access.
pkgs/npm/[email protected]/src/utils/git-utils.index-filter.js:13
    execSync(`git reset ${process.env.GIT_COMMIT} -- "${src}"`, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83513f6f906e7174 Filesystem access.
pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:10
const { existsSync, mkdirSync, renameSync, rmSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dd0337d2b51cc3b Environment-variable access.
pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:15
    const src = process.env.NX_IMPORT_SOURCE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0afa668deab33705 Environment-variable access.
pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:16
    const dest = process.env.NX_IMPORT_DESTINATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e177a26c8c45d88 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:5
    if (process.env.CI === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7e9833838b0cc25 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:8
    return (process.env.CI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #299257d381d00056 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:9
        process.env.TF_BUILD === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba8dde6b9555c87f Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:10
        process.env.GITHUB_ACTIONS === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b431ee60f33456 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:11
        process.env.BUILDKITE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #295315439408357b Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:12
        process.env.CIRCLECI === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19d4663685ad9585 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:13
        process.env.CIRRUS_CI === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d592e30bbe1cab5 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:14
        process.env.TRAVIS === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #431426c99c95ae31 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:15
        !!process.env['bamboo.buildKey'] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #634b6bb418027d06 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:16
        !!process.env['bamboo_buildKey'] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0b747c6e6c9ba9b Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:17
        !!process.env.CODEBUILD_BUILD_ID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24185e6186d42321 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:18
        !!process.env.GITLAB_CI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89e05121e9fecea7 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:19
        !!process.env.HEROKU_TEST_RUN_ID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #123d7ca6bafe8f20 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:20
        !!process.env.BUILD_ID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #250041721cc36419 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:21
        !!process.env.BUILD_NUMBER ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09e865404db1b3d1 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:22
        !!process.env.BUILD_BUILDID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #badc42bfdb4dca26 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:23
        !!process.env.TEAMCITY_VERSION ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41e4573bd8726f72 Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:24
        !!process.env.JENKINS_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2d50d74d66f233a Environment-variable access.
pkgs/npm/[email protected]/src/utils/is-ci.js:25
        !!process.env.HUDSON_URL);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0d814a86dd605c9 Filesystem access.
pkgs/npm/[email protected]/src/utils/legacy-task-history.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce5ed56ab9700ebf Environment-variable access.
pkgs/npm/[email protected]/src/utils/logger.js:39
        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1aa191f840183f7 Environment-variable access.
pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:6
    if (process.env.NX_NO_CLOUD === 'true' || nxJson.neverConnectToCloud) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd0b2eee1e00e06e Environment-variable access.
pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:9
    return (!!process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf23b046609ee06e Environment-variable access.
pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:10
        !!process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a5c231dd6e35e6c Environment-variable access.
pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:19
            process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca84067fc48cb19 Environment-variable access.
pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:20
            process.env.NX_CLOUD_ACCESS_TOKEN) &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ca05d845a71db3 Environment-variable access.
pkgs/npm/[email protected]/src/utils/output.js:13
const forceColor = process.env.FORCE_COLOR === '' || process.env.FORCE_COLOR === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aee45880db86e7d8 Environment-variable access.
pkgs/npm/[email protected]/src/utils/output.js:162
        if (process.env.NX_SKIP_LOG_GROUPING !== 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7da75c4293250ba Environment-variable access.
pkgs/npm/[email protected]/src/utils/output.js:163
            process.env.GITHUB_ACTIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8943bd9601b80ee1 Environment-variable access.
pkgs/npm/[email protected]/src/utils/output.js:172
        if (process.env.NX_SKIP_LOG_GROUPING !== 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2902791c1897aba Environment-variable access.
pkgs/npm/[email protected]/src/utils/output.js:173
            process.env.GITHUB_ACTIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c1b6a92c676e71d Filesystem access.
pkgs/npm/[email protected]/src/utils/package-json.js:12
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d1730adcf5e5cb3 Environment-variable access.
pkgs/npm/[email protected]/src/utils/package-json.js:205
    const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #921c1f6c8993d263 Filesystem access.
pkgs/npm/[email protected]/src/utils/package-manager.js:20
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f828f963ba102b76 Environment-variable access.
pkgs/npm/[email protected]/src/utils/package-manager.js:160
            process.env.npm_config_legacy_peer_deps ??= 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76e96e2e5fb9709b Environment-variable access.
pkgs/npm/[email protected]/src/utils/params.js:645
    return !!process.stdout.isTTY && process.env['CI'] !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94581075aace022b Environment-variable access.
pkgs/npm/[email protected]/src/utils/path.js:34
    return process.env.INIT_CWD?.startsWith(workspace_root_1.workspaceRoot)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d4a2cafcb21dd13 Environment-variable access.
pkgs/npm/[email protected]/src/utils/path.js:35
        ? process.env.INIT_CWD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee5ce5b90f5906a7 Environment-variable access.
pkgs/npm/[email protected]/src/utils/perf-logging.js:5
if (process.env.NX_PERF_LOGGING === 'true' && !initialized) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc83a6f59427b86c Filesystem access.
pkgs/npm/[email protected]/src/utils/plugins/local-plugins.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7f3ee9f46bf8343 Environment-variable access.
pkgs/npm/[email protected]/src/utils/provenance.js:20
    if (process.env.NX_SKIP_PROVENANCE_CHECK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d9cf929dbdfd132 Environment-variable access.
pkgs/npm/[email protected]/src/utils/task-history.js:44
    if (process.env.NX_DISABLE_DB === 'true' || native_1.IS_WASM) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #776276024c5c695d Environment-variable access.
pkgs/npm/[email protected]/src/utils/workspace-root.js:17
    if (process.env.NX_WORKSPACE_ROOT_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55a7583742196764 Environment-variable access.
pkgs/npm/[email protected]/src/utils/workspace-root.js:18
        return process.env.NX_WORKSPACE_ROOT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nyc

npm dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #de06bf8afe6ac24b Filesystem access.
pkgs/npm/[email protected]/bin/nyc.js:10
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd694ea466d47abd Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:53
    env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #852819913f742f25 Environment-variable access.
pkgs/npm/[email protected]/bin/nyc.js:81
    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5fb6def24732b00 Filesystem access.
pkgs/npm/[email protected]/index.js:190
        const source = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86964da1973b623a Filesystem access.
pkgs/npm/[email protected]/index.js:218
      const inCode = await fs.readFile(inFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cd57011e7887740 Filesystem access.
pkgs/npm/[email protected]/index.js:226
        await fs.writeFile(outFile, outCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b08253b9438d31 Environment-variable access.
pkgs/npm/[email protected]/index.js:353
    if (!process.env.NYC_CWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bfdc724ab33b24a Environment-variable access.
pkgs/npm/[email protected]/index.js:375
    process.env.NYC_PROCESS_ID = this.processInfo.uuid

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08e3302b7b9a46ff Filesystem access.
pkgs/npm/[email protected]/index.js:409
    fs.writeFileSync(
      coverageFilename,
      JSON.stringify(coverage),
      'utf-8'
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9621d6768df92334 Filesystem access.
pkgs/npm/[email protected]/index.js:514
      const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c759fdb9baba31d0 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/check-coverage.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bb8c806526cf76a Environment-variable access.
pkgs/npm/[email protected]/lib/commands/merge.js:33
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc8f6c23dce4792c Filesystem access.
pkgs/npm/[email protected]/lib/commands/merge.js:44
  await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab7470bab59aafa4 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:19
  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd447e977c341cd5 Environment-variable access.
pkgs/npm/[email protected]/lib/config-util.js:12
  cwd = cwd || process.env.NYC_CWD || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #821df511cd8baf34 Filesystem access.
pkgs/npm/[email protected]/lib/fs-promises.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9da6c4daaa2c3b9 Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:21
    envToCopy[env] = process.env[env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #501045e60296d16c Environment-variable access.
pkgs/npm/[email protected]/lib/register-env.js:26
  envToCopy[envName] = process.env[envName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aeef45e04455270 Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:43
      fs.writeFileSync(mapPath, JSON.stringify(sourceMap))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c565c3fa5065573c Filesystem access.
pkgs/npm/[email protected]/lib/source-maps.js:68
            this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43f5cd44d0ea9f24 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:6
  process.env.NYC_CONFIG ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1420410ae0e8d351 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:15
  parent: process.env.NYC_PROCESS_ID || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c48c13c9a57d4c29 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:18
if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2fcbb95cd48b5a Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:19
  config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd7b9ac8b56176ad Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:20
  delete process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1f997eff5518eb5 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:23
if (process.env.NYC_CONFIG_OVERRIDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13d16fc6d29dda68 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:24
  Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6e506577481e5d5 Environment-variable access.
pkgs/npm/[email protected]/lib/wrap.js:25
  process.env.NYC_CONFIG = JSON.stringify(config)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oclif

npm dependency
expand_more 19 low-confidence finding(s)
low env_fs dependency Excluded from app score #0661792ceee7af0f Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:20
            accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a82c6e0397a3cd3 Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:21
            secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b072fc0ea420748 Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:22
            sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deaa8fe5e70cb485 Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:32
            const endpoint = process.env.AWS_S3_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bec04b2915ac43a3 Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:33
            const checksumConfig = (0, util_1.getS3ChecksumConfig)(endpoint, process.env.AWS_REQUEST_CHECKSUM_CALCULATION);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d82acfec79db2039 Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:39
                        forcePathStyle: Boolean(process.env.AWS_S3_FORCE_PATH_STYLE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56171725c6b13edf Environment-variable access.
pkgs/npm/[email protected]/lib/aws.js:40
                        region: process.env.AWS_REGION ?? 'us-east-1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc9488f541f40a6 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/generate.js:18
    const token = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8e02cd9256ff38d Filesystem access.
pkgs/npm/[email protected]/lib/commands/pack/deb.js:143
                fsPromises.writeFile(node_path_1.default.join(workspace, 'usr', 'lib', config.dirname, 'bin', config.bin), scripts.bin(config), { mode: 0o755 }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f978c651781ad749 Filesystem access.
pkgs/npm/[email protected]/lib/commands/pack/deb.js:144
                fsPromises.writeFile(node_path_1.default.join(workspace, 'DEBIAN', 'control'), scripts.control(buildConfig, (0, upload_util_1.debArch)(arch))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02f5090efa8f05ad Filesystem access.
pkgs/npm/[email protected]/lib/commands/pack/deb.js:192
    await fs.writeFile(ftparchive, scripts.ftparchive(config));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff4c24e1626f4519 Filesystem access.
pkgs/npm/[email protected]/lib/commands/pack/macos.js:229
                await fs.writeFile(noBundleConfigurationPath, noBundleConfiguration, { mode: 0o755 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc247fb8666bcbf1 Filesystem access.
pkgs/npm/[email protected]/lib/commands/pack/macos.js:235
                await fs.writeFile(node_path_1.default.join(...scriptLocation), scripts[script](config, flags['additional-cli']), {
                    mode: 0o755,
                });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eb18aa387f85c7c Environment-variable access.
pkgs/npm/[email protected]/lib/commands/pack/macos.js:264
            if (process.env.OSX_KEYCHAIN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13fab1b5efeaae0d Environment-variable access.
pkgs/npm/[email protected]/lib/commands/pack/macos.js:265
                args.push('--keychain', process.env.OSX_KEYCHAIN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d29891bc212bc48 Filesystem access.
pkgs/npm/[email protected]/lib/commands/readme.js:105
            const tsConfigRaw = await fs.readFile(tsConfigPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14426f5666dce65e Environment-variable access.
pkgs/npm/[email protected]/lib/readme-generator.js:48
const columns = Number.parseInt(process.env.COLUMNS, 10) || 120;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f824f1791a9887e5 Filesystem access.
pkgs/npm/[email protected]/lib/tarballs/bin.js:50
        await fs.promises.writeFile(node_path_1.default.join(baseWorkspace, 'bin', `${bin}.cmd`), `@echo off
setlocal enableextensions

if not "%${redirectedEnvVar}%"=="1" if exist "%LOCALAPPDATA%\\${bin}\\client\\bin\\${bin}.cmd" (
  set ${redirectedEnvVar}=1
  "%LOCALAPPDATA%\\${bin}\\client\\bin\\${bin}.cmd" %*
  goto:EOF
)

if not defined ${binPathEnvVar} set ${binPathEnvVar}="%~dp0${bin}.cmd"

if exist "%~dp0..\\bin\\node.exe" (
  "%~dp0..\\bin\\node.exe" ${`${nodeOptions.join(' ')} `}"%~dp0..\\bin\\run" %*
) else if exist "%LOCALAPPDATA%\\oclif\\node\\node-${nodeVersion}.exe" (
  "%LOCALAPPDATA%\\oclif\\node\\node-${nodeVersion}.exe" ${`${nodeOptions.join(' ')} `}"%~dp0..\\bin\\run" %*
) else (
  node ${`${nodeOptions.join(' ')} `}"%~dp0..\\bin\\run" %*
)
`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #972c7c184b572b39 Filesystem access.
pkgs/npm/[email protected]/lib/tarballs/bin.js:72
        await fs.promises.writeFile(bin, `#!/usr/bin/env bash
set -e
echoerr() { echo "$@" 1>&2; }

get_script_dir () {
  SOURCE="\${BASH_SOURCE[0]}"
  # While \$SOURCE is a symlink, resolve it
  while [ -h "\$SOURCE" ]; do
    DIR="\$( cd -P "\$( dirname "\$SOURCE" )" && pwd )"
    SOURCE="\$( readlink "\$SOURCE" )"
    # If \$SOURCE was a relative symlink (so no "/" as prefix, need to resolve it relative to the symlink base directory
    [[ \$SOURCE != /* ]] && SOURCE="\$DIR/\$SOURCE"
  done
  DIR="\$( cd -P "\$( dirname "\$SOURCE" )" && pwd )"
  echo "\$DIR"
}
DIR=\$(get_script_dir)
CLI_HOME=\$(cd && pwd)
XDG_DATA_HOME=\${XDG_DATA_HOME:="\$CLI_HOME/.local/share"}
CLIENT_HOME=\${${clientHomeEnvVar}:=$XDG_DATA_HOME/${config.dirname}/client}
BIN_PATH="\$CLIENT_HOME/bin/${config.bin}"
if [ -z "\$${redirectedEnvVar}" ] && [ -x "\$BIN_PATH" ] && [[ ! "\$DIR/${config.bin}" -ef "\$BIN_PATH" ]]; then
  if [ "\$DEBUG" == "*" ]; then
    echoerr "\$BIN_PATH" "\$@"
  fi
  ${binPathEnvVar}="\$BIN_PATH" ${redirectedEnvVar}=1 "\$BIN_PATH" "\$@"
else
  export ${binPathEnvVar}=\${${binPathEnvVar}:="\$DIR/${config.bin}"}
  if [ -x "$(command -v "\$XDG_DATA_HOME/oclif/node/node-custom")" ]; then
    NODE="\$XDG_DATA_HOME/oclif/node/node-custom"
  elif [ -x "$(command -v "\$DIR/node")" ]; then
    NODE="\$DIR/node"
  elif [ -x "$(command -v "\$XDG_DATA_HOME/oclif/node/node-${nodeVersion}")" ]; then
    NODE="\$XDG_DATA_HOME/oclif/node/node-${nodeVersion}"
  elif [ -x "$(command -v node)" ]; then
    NODE=node
  else
    echoerr 'Error: node is not installed.' >&2
    exit 1
  fi
  if [ "\$DEBUG" == "*" ]; then
    echoerr ${binPathEnvVar}="\$${binPathEnvVar}" "\$NODE" ${`${nodeOptions.join(' ')} `}"\$DIR/run" "\$@"
  fi
  "\$NODE" ${`${nodeOptions.join(' ')} `}"\$DIR/run" "\$@"
fi
`, { mode: 0o755 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oracledb

npm dependency
expand_more 44 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #18fe70dfb84d5494 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:76
  user: process.env.NODE_ORACLEDB_USER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d7331df5c83c8bd5 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:82
  password: process.env.NODE_ORACLEDB_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #02610f00e85f4b67 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:86
  connectString: process.env.NODE_ORACLEDB_CONNECTIONSTRING,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #66b0dcfa6e01ab2d Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:90
  externalAuth: process.env.NODE_ORACLEDB_EXTERNALAUTH ? true : false,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e5a49f8603b1aa2f Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:97
if (process.env.NODE_ORACLEDB_WALLET_PASSWORD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #52f20026e5661edb Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:98
  config.walletPassword = process.env.NODE_ORACLEDB_WALLET_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ce78996f2e344e83 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:101
if (process.env.NODE_ORACLEDB_WALLET_LOCATION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c4f01f07e2740a2a Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:102
  config.walletLocation = process.env.NODE_ORACLEDB_WALLET_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #deb18b4e59d8b3ba Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:109
if (process.env.NODE_ORACLEDB_DBA_USER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #24542998bb9ec4fc Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:110
  config.DBA_user = process.env.NODE_ORACLEDB_DBA_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #809b5c06c7957461 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:113
if (process.env.NODE_ORACLEDB_DBA_PASSWORD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #701da7c9c8a01557 Environment-variable access.
pkgs/npm/[email protected]/examples/dbconfig.js:114
  config.DBA_password = process.env.NODE_ORACLEDB_DBA_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1a19ca76b8042c61 Environment-variable access.
pkgs/npm/[email protected]/examples/example.js:47
if (process.env.NODE_ORACLEDB_DRIVER_MODE === 'thick') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8017a2f3b31ed0e2 Environment-variable access.
pkgs/npm/[email protected]/examples/example.js:60
    clientOpts = { libDir: process.env.NODE_ORACLEDB_CLIENT_LIB_DIR };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34615785b17ebaea Filesystem access.
pkgs/npm/[email protected]/lib/configProviders/file.js:26
const fs = require('fs').promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7c9a5b69f6ca512 Filesystem access.
pkgs/npm/[email protected]/lib/configProviders/file.js:47
    const data = Buffer.from(await fs.readFile(this.paramMap.get("filepath"), { encoding: 'utf8', flag: 'r' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b2769ba044681d0 Environment-variable access.
pkgs/npm/[email protected]/lib/impl/parserHelpers.js:286
    const configDir = options.configDir || process.env.TNS_ADMIN || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03774c388253b517 Environment-variable access.
pkgs/npm/[email protected]/lib/impl/parserHelpers.js:424
        errors.throwErr(errors.ERR_TNS_ENTRY_NOT_FOUND, connStr, configDir ? configDir + '/tnsnames.ora' : process.env.TNS_ADMIN + '/tnsnames.ora');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e9aed564d8b89d7 Environment-variable access.
pkgs/npm/[email protected]/lib/poolStatistics.js:83
    this.threadPoolSize = process.env.UV_THREADPOOL_SIZE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #162fb430795ed0ed Environment-variable access.
pkgs/npm/[email protected]/lib/thin/connection.js:1248
    } else if (process.env.ORA_DEBUG_JDWP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a27bc95bb8ed275b Environment-variable access.
pkgs/npm/[email protected]/lib/thin/connection.js:1249
      this.jdwpData = Buffer.from(process.env.ORA_DEBUG_JDWP);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6d6b18f951a0a2 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:115
    } else if (process.env.ORA_EDITION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8a9aac04e20ac0e Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:116
      this.edition = process.env.ORA_EDITION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe7f0a2df19a348 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:160
    if (process.env.ORA_SDTZ) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36f640b88c2b521a Environment-variable access.
pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:161
      tzRepr = process.env.ORA_SDTZ;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #346890111b66f170 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/sqlnet/ntTcp.js:349
    if (process.env.NODE_ORACLEDB_DEBUG_PACKETS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99aa20b16b601e12 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/sqlnet/ntTcp.js:458
        if (process.env.NODE_ORACLEDB_DEBUG_PACKETS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce4399aa497f78ad Filesystem access.
pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:30
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68b42a033f2d84f1 Environment-variable access.
pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:41
  const tnsAdminVal = process.env.TNS_ADMIN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7e77488980573db Filesystem access.
pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:32
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d071b8a09a74d5f2 Filesystem access.
pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:151
      fs.readFile(this.nt.walletFile, (err, data) => {
        if (err) {
          reject(err);
        } else {
          resolve(data);
        }
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #762ec8c5b693c22a Filesystem access.
pkgs/npm/[email protected]/package/install.js:41
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f1e07b9f09ce5b0 Filesystem access.
pkgs/npm/[email protected]/package/prunebinaries.js:45
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b45dcbfc3d364af Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:47
    process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b060f1a58e2abcd0 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:48
    process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8c174f10f316db Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:51
    process.env.HTTPS_PROXY_PORT ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27845586b58ced0c Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:52
    process.env.https_proxy_port;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9d21a920d923da4 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:90
  if (process.env.AWS_REGION) return process.env.AWS_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fe0c4d1692c9662 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:94
    const profile = paramMap.get("aws_profile") || process.env.AWS_PROFILE || "default";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7f2e984fe811aa3 Environment-variable access.
pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:111
    profile: paramMap.get("aws_profile") || process.env.AWS_PROFILE || "default",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #369a9a168c0723e2 Filesystem access.
pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:32
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d8ab25474df483 Filesystem access.
pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:109
        const publicKey = fs.readFileSync(this.paramMap.get('oci_key_file'), { encoding: "utf8" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4d4eeb697b196e9 Filesystem access.
pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:31
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caa4c1be02e16918 Filesystem access.
pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:159
  const privateKey = fs.readFileSync(privateKeyLocation, 'utf-8'); // ~/.oci/oci_api_key.pem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pg

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #dbcb1ad8d6faeb48 Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:15
    envVar = process.env['PG' + key.toUpperCase()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2889c6fa4aba57a2 Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:19
    envVar = process.env[envVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa7d56b72eb8bd62 Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:26
  switch (process.env.PGSSLMODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e9d8be95224a94e Environment-variable access.
pkgs/npm/[email protected]/lib/connection-parameters.js:127
      this.connect_timeout = process.env.PGCONNECT_TIMEOUT || 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50f8bc7f5870ab49 Environment-variable access.
pkgs/npm/[email protected]/lib/defaults.js:5
  user = process.platform === 'win32' ? process.env.USERNAME : process.env.USER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a7666a881d649fd Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:41
  forceNative = !!process.env.NODE_PG_FORCE_NATIVE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
expand_more 35 low-confidence finding(s)
low env_fs dependency Excluded from app score #568b4d1ecf2acae7 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:5546
    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34544c454037a2bc Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6086
    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #550844e8dd160cf2 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6087
      process.env.TEST_PSEUDOMAP = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07a47bcbbf8b16fc Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6088
    if (typeof Map === "function" && !process.env.TEST_PSEUDOMAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3c164444fbea44f Environment-variable access.
pkgs/npm/[email protected]/index.mjs:6430
    var hasSymbol = typeof Symbol === "function" && process.env._nodeLRUCacheForceNoSymbol !== "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #722f4adb3221b25a Filesystem access.
pkgs/npm/[email protected]/index.mjs:7565
            fs7.readFile(file, "utf8", function(err, data) {
              if (err) {
                reject(err);
                return;
              }
              resolve3(parseString2(data));
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f7c17a4d2c8ac5c Filesystem access.
pkgs/npm/[email protected]/index.mjs:7578
      return parseString2(fs7.readFileSync(file, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80bf130477ac3537 Filesystem access.
pkgs/npm/[email protected]/index.mjs:7914
              fs7.readFile(name, "utf8", function(err, data) {
                resolve3({
                  name,
                  contents: err ? "" : data
                });
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7379777f1191ccad Filesystem access.
pkgs/npm/[email protected]/index.mjs:7930
          file = fs7.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6200b5d98f77d04 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:8710
      return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : picocolors.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1956044fb64d7e8e Environment-variable access.
pkgs/npm/[email protected]/index.mjs:9356
      typeof process !== "undefined" && (process.env && process.env.IGNORE_TEST_WIN32 || process.platform === "win32")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f814ecc7cf19abd3 Filesystem access.
pkgs/npm/[email protected]/index.mjs:11538
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f400794759fa2bf2 Filesystem access.
pkgs/npm/[email protected]/index.mjs:11735
import fs2 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dec718e5cad732a0 Filesystem access.
pkgs/npm/[email protected]/index.mjs:11765
  return fs2.writeFile(file, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3de5c26fa77e262 Filesystem access.
pkgs/npm/[email protected]/index.mjs:11776
import fs3 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a3f80683688b475 Filesystem access.
pkgs/npm/[email protected]/index.mjs:15447
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a82f58bf5a1da0 Filesystem access.
pkgs/npm/[email protected]/index.mjs:15453
    return await fs4.readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61a9708d96d62b1f Filesystem access.
pkgs/npm/[email protected]/index.mjs:15600
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b4d5a547ea73038 Filesystem access.
pkgs/npm/[email protected]/index.mjs:15610
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #079fdb6eeee2de59 Filesystem access.
pkgs/npm/[email protected]/index.mjs:15962
    string = fs5.readFileSync(path5.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb3a0d06d0e570d7 Filesystem access.
pkgs/npm/[email protected]/index.mjs:17220
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d396b101af40d90 Environment-variable access.
pkgs/npm/[email protected]/index.mjs:20039
      if (process.env.PRETTIER_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a13f728960a8b714 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:748
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9f6b67a305601f8 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1576
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dffa1978ac22cea Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1726
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73b34eb0a8befffc Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1734
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d0d47156c291be Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1746
import fs2, { promises as fsPromises } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c082b3e1316553 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1890
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9521e7c871c42c25 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1908
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b689977478390010 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1912
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a41b6b947c5865a9 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:1917
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6a39bbbdbc0beb Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:3170
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e11f1bbc87a69d9a Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:3310
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9114b062f7fa135 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:3584
        const buffer = fs6.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6487918661f1f17 Filesystem access.
pkgs/npm/[email protected]/internal/cli.mjs:4187
      input = await fs8.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier-plugin-organize-imports

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #d0eddb475b986134 Environment-variable access.
pkgs/npm/[email protected]/index.js:37
		if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #3550191b1766cf71 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:6
  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ea90272d75e962d Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:7
  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

source-map-support

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #c5d59fbda340dfb1 Filesystem access.
pkgs/npm/[email protected]/browser-source-map-support.js:108
(x.name||"Error")+": "+(x.message||""),E={nextPosition:null,curPosition:null},H=[],M=B.length-1;0<=M;M--)H.push("\n    at "+r(B[M],E)),E.nextPosition=E.curPosition;E.curPosition=E.nextPosition=null;return F+H.reverse().join("")}function u(x){var B=/\n    at [^(]+ \((.*):(\d+):(\d+)\)/.exec(x.stack);if(B){x=B[1];var F=+B[2];B=+B[3];var E=b[x];if(!E&&v&&v.existsSync(x))try{E=v.readFileSync(x,"utf8")}catch(H){E=""}if(E&&(E=E.split(/(?:\r\n|\r|\n)/)[F-1]))return x+":"+F+"\n"+E+"\n"+Array(B).join(" ")+

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4d52f813bfeefae Filesystem access.
pkgs/npm/[email protected]/browser-source-map-support.js:110
n=C("path");try{var v=C("fs");v.existsSync&&v.readFileSync||(v=null)}catch(x){}var z=C("buffer-from"),G=!1,D=!1,L=!1,a="auto",b={},h={},w=/^data:application\/json[^,]+base64,/,y=[],I=[],K=t(y);y.push(function(x){x=x.trim();/^file:/.test(x)&&(x=x.replace(/file:\/\/\/(\w:)?/,function(E,H){return H?"":"/"}));if(x in b)return b[x];var B="";try{if(v)v.existsSync(x)&&(B=v.readFileSync(x,"utf8"));else{var F=new XMLHttpRequest;F.open("GET",x,!1);F.send(null);4===F.readyState&&200===F.status&&(B=F.responseText)}}catch(E){}return b[x]=

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8870681eb234ac Filesystem access.
pkgs/npm/[email protected]/source-map-support.js:6
  fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e594b538993ea016 Filesystem access.
pkgs/npm/[email protected]/source-map-support.js:123
      contents = fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ac1ebf6a4244775 Filesystem access.
pkgs/npm/[email protected]/source-map-support.js:467
        contents = fs.readFileSync(source, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sqlite3

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #9e9015902847d470 Filesystem access.
pkgs/npm/[email protected]/deps/extract.js:2
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ts-node

npm dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #e2c80e0b70995177 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0125b9fd4f6e07a8 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:39
const {
  realpathSync,
  statSync,
  Stats,
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8af118d89ee32d1f Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:43
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ed338fe7fcbdd5 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47de73610750e339 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:13
    string = fs.readFileSync(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7758e05975f08689 Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:48
  const envArgv = ParseNodeOptionsEnvVar(process.env.NODE_OPTIONS || '', errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac13362f86433a3d Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:99
  if(process.env.NODE_PENDING_DEPRECATION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #03d2c4938e5a5556 Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3569be200e27c78c Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbec37e899bcc7dc Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6cff316e7c1ecb Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e28d4960ef12fae5 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bd327f498025c94 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9516eb4e48e95152 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #912d7122900433d7 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fcfa9828e56ee28 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a3748aa2c72829f Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

umzug

npm dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #4b43fb1b6c8d48f0 Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1fcff02f8f264e1 Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.js:27
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1903fb2310b75ea Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.js:71
        return this.fs.promises.readFile(filepath).then(buf => buf.toString(), () => undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf2fe225af17c15 Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.js:75
        await this.fs.promises.writeFile(filepath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97afb1b4378ee996 Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.js:81
        const existing = await this.readFile(this.lockFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8292f0cd6eee2fc0 Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.js:85
        await this.writeFile(this.lockFile, 'lock');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b06b627221a34dd0 Filesystem access.
pkgs/npm/[email protected]/lib/file-locker.js:88
        const existing = await this.readFile(this.lockFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9007f6f4fc876c7f Filesystem access.
pkgs/npm/[email protected]/lib/storage/json.js:27
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd9b440c4dd54495 Filesystem access.
pkgs/npm/[email protected]/lib/storage/json.js:32
        return fs_1.promises.readFile(filepath).then(c => c.toString(), () => null);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2d39974419bfe9a Filesystem access.
pkgs/npm/[email protected]/lib/storage/json.js:37
        await fs_1.promises.writeFile(filepath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c82f332caf61a867 Filesystem access.
pkgs/npm/[email protected]/lib/umzug.js:32
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d861e4b379234f76 Filesystem access.
pkgs/npm/[email protected]/lib/umzug.js:277
                fs.writeFileSync(pair[0], pair[1]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • snowflake-sdk prod — dist-only: no readable source
  • @inquirer/checkbox prod — dist-only: no readable source
  • @inquirer/confirm prod — dist-only: no readable source
  • @inquirer/input prod — dist-only: no readable source
  • @inquirer/select prod — dist-only: no readable source
  • cosmiconfig prod — dist-only: no readable source

Development

  • cross-env dev — dist-only: no readable source
  • lerna dev — dist-only: no readable source
  • typedoc-plugin-mdn-links dev — dist-only: no readable source
  • expect-type dev — dist-only: no readable source
  • rimraf dev — dist-only: no readable source