Close Open Privacy Scan

bolt Snapshot: commit 81328b6
science engine v3
schedule 2026-07-10T21:08:52.827847+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

Incomplete scan — only 33/70 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

32 /100
High privacy risk — application leak confirmed

High risk · 276 finding(s)

Dependency score: 52 (Medium risk)

bar_chart Score Breakdown

pii_flow −60
egress −5
env_fs −3

list Scan Summary

4 high 0 medium 272 low
First-party packages: 1
Dependency packages: 17
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: api.mistral.aigithub.commetadata.google.internalopenrouter.ai

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/components/utility/drawing-canvas.tsx:12 repo/components/utility/drawing-canvas.tsx:73
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/components/utility/global-state.tsx:159 repo/components/utility/global-state.tsx:180
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/models/fetch-models.ts:58 repo/lib/models/fetch-models.ts:57
hub Dependency data flows (1)
high ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110

</> First-Party Code

first-party (npm)

npm first-party
high pii_flow production #181b188c45a8f145 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/components/utility/drawing-canvas.tsx:73 · flow /tmp/closeopen-2lpvpt78/repo/components/utility/drawing-canvas.tsx:12 → /tmp/closeopen-2lpvpt78/repo/components/utility/drawing-canvas.tsx:73
      fetch(dataURL)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9ac1e43f5f445bdd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/components/utility/global-state.tsx:180 · flow /tmp/closeopen-2lpvpt78/repo/components/utility/global-state.tsx:159 → /tmp/closeopen-2lpvpt78/repo/components/utility/global-state.tsx:180
          const response = await fetch(workspaceImageUrl)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2cbf111858258a37 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/lib/models/fetch-models.ts:57 · flow /tmp/closeopen-2lpvpt78/repo/lib/models/fetch-models.ts:58 → /tmp/closeopen-2lpvpt78/repo/lib/models/fetch-models.ts:57
    const response = await fetch(
      process.env.NEXT_PUBLIC_OLLAMA_URL + "/api/tags"
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 41 low-confidence finding(s)
low env_fs test-only #4b99b5b387d85dd8 Environment-variable access.
repo/__tests__/playwright-test/playwright.config.ts:17
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64ebc3ef75712318 Environment-variable access.
repo/__tests__/playwright-test/playwright.config.ts:19
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54aa1c1dc146d9f1 Environment-variable access.
repo/__tests__/playwright-test/playwright.config.ts:21
  workers: process.env.CI ? 1 : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2728d28214dc2869 Environment-variable access.
repo/app/[locale]/layout.tsx:75
    process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e6528f2f3173e52 Environment-variable access.
repo/app/[locale]/layout.tsx:76
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47a05dca0966cbc9 Environment-variable access.
repo/app/[locale]/login/page.tsx:24
    process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5944a1b12725dfd6 Environment-variable access.
repo/app/[locale]/login/page.tsx:25
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a8119df9958d792 Environment-variable access.
repo/app/[locale]/login/page.tsx:86
    if (process.env.EDGE_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea92711418244be2 Environment-variable access.
repo/app/[locale]/login/page.tsx:90
    return process.env[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62ec11005ced8817 Environment-variable access.
repo/app/api/chat/custom/route.ts:21
      process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9143bd57233f0d9 Environment-variable access.
repo/app/api/chat/custom/route.ts:22
      process.env.SUPABASE_SERVICE_ROLE_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc5bc372aaf7b6fb Environment-variable access.
repo/app/api/retrieval/process/docx/route.ts:21
      process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c4d83269839d01 Environment-variable access.
repo/app/api/retrieval/process/docx/route.ts:22
      process.env.SUPABASE_SERVICE_ROLE_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ba66ed9f5b26086 Environment-variable access.
repo/app/api/retrieval/process/route.ts:19
      process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb9146ec588acfe9 Environment-variable access.
repo/app/api/retrieval/process/route.ts:20
      process.env.SUPABASE_SERVICE_ROLE_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #734e7c0eb48e2de8 Environment-variable access.
repo/app/api/retrieval/retrieve/route.ts:20
      process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #102d112747394a5f Environment-variable access.
repo/app/api/retrieval/retrieve/route.ts:21
      process.env.SUPABASE_SERVICE_ROLE_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8543b939b16c5b7b Environment-variable access.
repo/app/api/username/available/route.ts:14
      process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #598723b389856019 Environment-variable access.
repo/app/api/username/available/route.ts:15
      process.env.SUPABASE_SERVICE_ROLE_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c90584e381f24f48 Environment-variable access.
repo/app/api/username/get/route.ts:14
      process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eff6b71487d0f741 Environment-variable access.
repo/app/api/username/get/route.ts:15
      process.env.SUPABASE_SERVICE_ROLE_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eab51294b371a896 Environment-variable access.
repo/components/chat/chat-helpers/index.ts:163
    process.env.NEXT_PUBLIC_OLLAMA_URL + "/api/chat",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aab40d732e7b2351 Environment-variable access.
repo/components/utility/global-state.tsx:147
      if (process.env.NEXT_PUBLIC_OLLAMA_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64baf712310b029d Environment-variable access.
repo/components/utility/profile-settings.tsx:618
                              !!process.env.NEXT_PUBLIC_OPENAI_ORGANIZATION_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #053adff78506d5d3 Environment-variable access.
repo/db/storage/files.ts:13
    process.env.NEXT_PUBLIC_USER_FILE_SIZE_LIMIT || "10000000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8a7d3b2f85f56c Environment-variable access.
repo/lib/envs.ts:5
  return Boolean(process.env[type])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d9ab4aec1ebcc1c Environment-variable access.
repo/lib/models/fetch-models.ts:58
      process.env.NEXT_PUBLIC_OLLAMA_URL + "/api/tags"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7b0e4fe5e961be7d Hardcoded external endpoint. Review what data is sent to this destination.
repo/lib/models/fetch-models.ts:84
    const response = await fetch("https://openrouter.ai/api/v1/models")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #417d4dff48fa253b Environment-variable access.
repo/lib/server/server-chat-helpers.ts:9
    process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea8889721f1223ba Environment-variable access.
repo/lib/server/server-chat-helpers.ts:10
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8658d58caefa363d Environment-variable access.
repo/lib/server/server-chat-helpers.ts:61
    if (process.env[envKey]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84f63b9624bc24b3 Environment-variable access.
repo/lib/server/server-chat-helpers.ts:62
      ;(profile as any)[profileKey] = process.env[envKey]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd60c3814bb3b505 Environment-variable access.
repo/lib/supabase/browser-client.ts:5
  process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c694ef0931b571a Environment-variable access.
repo/lib/supabase/browser-client.ts:6
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1197897784eff45d Environment-variable access.
repo/lib/supabase/client.ts:5
    process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea6092d57a012b18 Environment-variable access.
repo/lib/supabase/client.ts:6
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87117a3f6b30eb8c Environment-variable access.
repo/lib/supabase/middleware.ts:13
    process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c64840097f103fa1 Environment-variable access.
repo/lib/supabase/middleware.ts:14
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f277862fe734d563 Environment-variable access.
repo/lib/supabase/server.ts:6
    process.env.NEXT_PUBLIC_SUPABASE_URL!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e576b8b27b4350b Environment-variable access.
repo/lib/supabase/server.ts:7
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #918b111bb5a8e93a Environment-variable access.
repo/next.config.js:2
  enabled: process.env.ANALYZE === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

ai

npm dependency
high pii_flow dependency Excluded from app score #0be93db92c934a59 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-2lpvpt78/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-2lpvpt78/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

@anthropic-ai/sdk

npm dependency
expand_more 44 low-confidence finding(s)
low env_fs dependency Excluded from app score #0296be1054c91fe7 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:110
        configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #224cc935a12b100b Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:210
        raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9520aff0b8d2beec Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:308
        return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #963cb13e48d8a4d5 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:73
        configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf235efe6c6de54e Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:172
        raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3e0a3fce2348843 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:268
        return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e142c27b93294e2 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/credential-chain.js:203
            const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfffcccfb8248f2d Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/credential-chain.mjs:166
            const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28aa2c2ee3620b1a Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/identity-token.js:51
            content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5457b8cab08db4f Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/identity-token.mjs:14
            content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #739aa888d1530503 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/types.js:195
            await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a7ef213fc4b591 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/types.mjs:154
            await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04acdaf4438facb Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/user-oauth.js:56
            raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae9b4f48f197c737 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/user-oauth.mjs:20
            raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fc6b11f85ae4139 Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:154
    configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #745827e66b08e0d4 Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:258
    raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f5082d4d008b5ef Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:372
    return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c96b622967d56438 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/credential-chain.ts:250
      const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1309647a07e0b81 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/identity-token.ts:17
      content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef0913e77fc4185 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/types.ts:222
      await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24c8c6096b8f1a3a Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/user-oauth.ts:45
      raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #399f641cdd43c6bb Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/fs-util.ts:112
    await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #797eb2cf21b1cce4 Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:457
        data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f31e7689dd20391e Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:533
        data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5ffb83ba811a6f85 Environment-variable access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:806
  const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #88a58103681e37e7 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:4
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #aa89d77d84088d71 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:52
    await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c301e611cfdcde02 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:101
    return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c290577661047f10 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:256
      await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #eb56317e112d1346 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/fs-util.js:115
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5c24d3cf663337fd Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/fs-util.mjs:107
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #097cc4b0f041f846 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:390
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1cf83f4ae3118ee0 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:469
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #06ab65ccfe4abdf4 Environment-variable access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:755
    const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2ecb04af767544aa Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:375
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #568d2be273e07152 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:454
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #974322c0935034af Environment-variable access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:740
    const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #712b5db6fe82ee35 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:43
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f8d30c7b08d757fa Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:91
        return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2873b0e08997c232 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:213
            await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fc2e377cdf858019 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:2
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #bc0b8c455065c5ce Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:38
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #720604e9b82afaa1 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:86
        return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f52fce6e70c7b00e Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:208
            await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@apidevtools/json-schema-ref-parser

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #04ccca7ce5749eb1 Filesystem access.
pkgs/npm/@[email protected]/lib/resolvers/file.ts:39
      return await fs.promises.readFile(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@hookform/resolvers

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #425dcda4775b2912 Environment-variable access.
pkgs/npm/@[email protected]/yup/src/yup.ts:97
      if (schemaOptions?.context && process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@mistralai/mistralai

npm dependency
expand_more 41 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #b14157abe3cb11f0 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_audio_transcription_diarize.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #373ab9ef9ed01aa1 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_audio_transcription_stream.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a71a85a9d2f8d32f Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_batch_jobs.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e53694ba75ccd3cf Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_no_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ad29367ca2bb6292 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_prediction.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f1ba2d21f830d51c Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1f248195ecf8b90e Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_with_image_no_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e9a73f663ab76af8 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_conversation_agent.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d23d3a0f0bb885ea Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_embeddings.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4e831ea384e2b42f Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_files.ts:1
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c7532af77e7148e0 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_files.ts:6
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7cce2cc8f302c489 Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_files.ts:19
const blob = new Blob([fs.readFileSync(filePath)], {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ee4ff87f3509b9d8 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_function_calling.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dd8eec26b4b58d9a Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_function_calling_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #07fecbac823bf170 Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_jobs.ts:1
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f36fdb16ac9f1400 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_jobs.ts:6
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2692e672a0fbb6f7 Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_jobs.ts:19
const blob = new Blob([fs.readFileSync(filePath)], {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #98e2142cfb6cbe32 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_json_format.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3a297c40270eda96 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_list_models.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8ae577aff1a721c1 Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_file.ts:2
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #23bb13781a9e83d1 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_file.ts:6
const apiKey = process.env.MISTRAL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #42ff96fc3bc6492e Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_file.ts:16
const uploaded_file = fs.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #faa9367b8efaf6c2 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_url.ts:3
const apiKey = process.env.MISTRAL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #875260f2a413536f Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_structured_outputs.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1546491905d7ba6c Environment-variable access.
pkgs/npm/@[email protected]/examples/src/azure/async_chat_no_streaming.ts:3
const azureAPIKey = process.env["AZURE_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #566929d8bbe31640 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/azure/async_chat_no_streaming.ts:8
const azureEndpoint = process.env["AZURE_ENDPOINT"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #476d3838d0abc126 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/error_handling.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6c9d6ea1ea5c203c Environment-variable access.
pkgs/npm/@[email protected]/examples/src/gcp/async_chat_no_streaming.ts:3
const projectId = process.env["GOOGLE_PROJECT_ID"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0c869854fbef81fd Environment-variable access.
pkgs/npm/@[email protected]/examples/src/prompt_lifecycle.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2dbfc43b6e3019b2 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_microphone.ts:38
      default: process.env["MISTRAL_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a93ea71bcee12898 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_microphone.ts:43
      default: process.env["MISTRAL_BASE_URL"] ?? "wss://api.mistral.ai",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f5cb1a0ff4d37d30 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_microphone.ts:107
  const apiKey = args.apiKey ?? process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3000e7284ca09552 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_transcription.ts:46
      default: process.env["MISTRAL_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b7ed3e768c8542ad Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_transcription.ts:51
      default: process.env["MISTRAL_BASE_URL"] ?? "https://api.mistral.ai",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c908629dfc332aac Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_transcription.ts:162
  const apiKey = args.apiKey ?? process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #80a2447efcfadfc8 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/reasoning.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f3ae19a7e956dbcb Environment-variable access.
pkgs/npm/@[email protected]/examples/src/reasoning_multi_turn.ts:14
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8b9de485120316b4 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/reasoning_response_shape.ts:7
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #de2b832c08d6a5d4 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/reasoning_with_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1af392e28acede5e Environment-variable access.
pkgs/npm/@[email protected]/examples/src/skill_lifecycle.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #64601cca6e8f697d Environment-variable access.
pkgs/npm/@[email protected]/packages/mistralai-azure/examples/chatComplete.example.ts:18
  apiKey: process.env["MISTRAL_API_KEY"] ?? "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@supabase/ssr

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #9dd69b6b70a46334 Environment-variable access.
pkgs/npm/@[email protected]/src/warnDeprecatedPackage.ts:19
  const packageName = process.env.npm_package_name;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@xenova/transformers

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #3610c51d5654d7c1 Filesystem access.
pkgs/npm/@[email protected]/src/env.js:25
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bd9161d1f3dd53a Filesystem access.
pkgs/npm/@[email protected]/src/utils/hub.js:8
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f55c80b77d5964a8 Filesystem access.
pkgs/npm/@[email protected]/src/utils/hub.js:109
        const data = await fs.promises.readFile(this.filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9116051985fc0f7 Filesystem access.
pkgs/npm/@[email protected]/src/utils/hub.js:120
        const data = await fs.promises.readFile(this.filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3fabe1308460df5 Filesystem access.
pkgs/npm/@[email protected]/src/utils/hub.js:131
        const data = await fs.promises.readFile(this.filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a172c7204b2244 Filesystem access.
pkgs/npm/@[email protected]/src/utils/hub.js:280
            await fs.promises.writeFile(outputPath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

d3-dsv

npm dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #38e75092677f12e9 Filesystem access.
pkgs/npm/[email protected]/bin/dsv2dsv.js:5
import {readFileSync} from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd9d5a0eb060bbcb Filesystem access.
pkgs/npm/[email protected]/bin/dsv2dsv.js:17
    .version(JSON.parse(readFileSync(resolve(dirname(fileURLToPath(import.meta.url)), "../package.json"))).version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5cfe0cc025863f Filesystem access.
pkgs/npm/[email protected]/bin/dsv2dsv.js:30
rw.dash.readFile(program.args[0] || "-", (error, text) => {
  if (error) throw error;
  rw.dash.writeFile("-", iconv.encode(outFormat.format(inFormat.parse(iconv.decode(text, options.inputEncoding))) + EOL, options.outputEncoding), (error) => {
    if (error) throw error;
  });
});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7231b91b727579b7 Filesystem access.
pkgs/npm/[email protected]/bin/dsv2dsv.js:32
  rw.dash.writeFile("-", iconv.encode(outFormat.format(inFormat.parse(iconv.decode(text, options.inputEncoding))) + EOL, options.outputEncoding), (error) => {
    if (error) throw error;
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #325930899f0ed772 Filesystem access.
pkgs/npm/[email protected]/bin/dsv2json.js:5
import {readFileSync} from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae989f1c0732d3db Filesystem access.
pkgs/npm/[email protected]/bin/dsv2json.js:16
    .version(JSON.parse(readFileSync(resolve(dirname(fileURLToPath(import.meta.url)), "../package.json"))).version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1026c4d459a02bb3 Filesystem access.
pkgs/npm/[email protected]/bin/dsv2json.js:29
rw.dash.readFile(program.args[0] || "-", (error, text) => {
  if (error) throw error;
  const rowConverter = options.autoType ? dsv.autoType : null
  const rows = inFormat.parse(iconv.decode(text, options.inputEncoding), rowConverter);
  rw.dash.writeFile(options.out, iconv.encode(options.newlineDelimited
      ? rows.map((row) => JSON.stringify(row)).join("\n") + "\n"
      : JSON.stringify(rows) + EOL, options.outputEncoding), (error) => {
    if (error) throw error;
  });
});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80aad626a609f734 Filesystem access.
pkgs/npm/[email protected]/bin/dsv2json.js:33
  rw.dash.writeFile(options.out, iconv.encode(options.newlineDelimited
      ? rows.map((row) => JSON.stringify(row)).join("\n") + "\n"
      : JSON.stringify(rows) + EOL, options.outputEncoding), (error) => {
    if (error) throw error;
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c77f8596b6b768d1 Filesystem access.
pkgs/npm/[email protected]/bin/json2dsv.js:5
import {readFileSync} from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6bbfcfbb4314be Filesystem access.
pkgs/npm/[email protected]/bin/json2dsv.js:16
    .version(JSON.parse(readFileSync(resolve(dirname(fileURLToPath(import.meta.url)), "../package.json"))).version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5294e546fd01253a Filesystem access.
pkgs/npm/[email protected]/bin/json2dsv.js:28
rw.dash.readFile(program.args[0] || "-", (error, text) => {
  if (error) throw error;
  text = iconv.decode(text, options.inputEncoding);
  rw.dash.writeFile(options.out, iconv.encode(outFormat.format(options.newlineDelimited
      ? text.trim().split(/\r?\n/g).map((line) => JSON.parse(line))
      : JSON.parse(text)) + EOL, options.outputEncoding), (error) => {
    if (error) throw error;
  });
});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #680f55ba0acc5d4f Filesystem access.
pkgs/npm/[email protected]/bin/json2dsv.js:31
  rw.dash.writeFile(options.out, iconv.encode(outFormat.format(options.newlineDelimited
      ? text.trim().split(/\r?\n/g).map((line) => JSON.parse(line))
      : JSON.parse(text)) + EOL, options.outputEncoding), (error) => {
    if (error) throw error;
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gpt-tokenizer

npm dependency
expand_more 24 low-confidence finding(s)
low env_fs dependency Excluded from app score #552fe03e75af108b Filesystem access.
pkgs/npm/[email protected]/cjs/GptEncoding.test.js:39
const fs_1 = __importDefault(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b30cc7f5229260 Filesystem access.
pkgs/npm/[email protected]/cjs/GptEncoding.test.js:418
    const testPlanData = fs_1.default.readFileSync(testPlanPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfb5bfac81fe680d Filesystem access.
pkgs/npm/[email protected]/esm/GptEncoding.test.js:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c3803b48be57a70 Filesystem access.
pkgs/npm/[email protected]/esm/GptEncoding.test.js:381
    const testPlanData = fs.readFileSync(testPlanPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b7f2fd980e36796 Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateByModel.js:1
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35eaa96aa57b5e6a Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateByModel.js:35
const template = await fs.readFile(path.join(__dirname, '../encoding/cl100k_base.ts'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f89302af5dccf4e1 Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateByModel.js:68
    await fs.writeFile(path.join(__dirname, `../model/${modelName}.ts`), content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6575a22c365ab89a Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateChatEnabled.js:2
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c03e8160d2b4bff0 Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateChatEnabled.js:20
await fs.writeFile(path.join(__dirname, '../modelsChatEnabled.gen.ts'), tsFileContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44cc673313ac2b03 Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateJsBpe.js:2
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a1d04070ce0229a Environment-variable access.
pkgs/npm/[email protected]/esm/codegen/generateJsBpe.js:5
const DEBUG = process.env.DEBUG === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ceb4dfcc119506af Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateJsBpe.js:47
    const bpeFile = await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b625620e06e8d82 Filesystem access.
pkgs/npm/[email protected]/esm/codegen/generateJsBpe.js:105
    await fs.writeFile(path.join(__dirname, `../bpeRanks/${modelName}.js`), `${preamble}
${jsCodeConstsForEachChunk.join('\n')}
/** @type {(string | number[])[]} */
const bpe = ${jsCodeBpeArray};
${jsCodeToResetHelperArrays.join('\n')}
export default bpe;`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c003cb3916a4b3 Filesystem access.
pkgs/npm/[email protected]/src/GptEncoding.test.ts:1
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9c7f725517d96f1 Filesystem access.
pkgs/npm/[email protected]/src/GptEncoding.test.ts:500
  const testPlanData = fs.readFileSync(testPlanPath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #352b3286f9016b55 Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateByModel.ts:1
import * as fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eed16b6233ad364 Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateByModel.ts:55
const template = await fs.readFile(
  path.join(__dirname, '../encoding/cl100k_base.ts'),
  'utf8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4864262356307d28 Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateByModel.ts:111
    await fs.writeFile(
      path.join(__dirname, `../model/${modelName}.ts`),
      content,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b102d7ce09eb9b8e Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateChatEnabled.ts:2
import * as fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d997ea54e43ceca Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateChatEnabled.ts:31
await fs.writeFile(
  path.join(__dirname, '../modelsChatEnabled.gen.ts'),
  tsFileContent,
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #296a2abc6972bb8d Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateJsBpe.ts:2
import * as fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8441343d981419f4 Environment-variable access.
pkgs/npm/[email protected]/src/codegen/generateJsBpe.ts:7
const DEBUG = process.env.DEBUG === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e152ebdb594d1387 Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateJsBpe.ts:57
    const bpeFile = await fs.readFile(filePath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a1f8969f6441ec Filesystem access.
pkgs/npm/[email protected]/src/codegen/generateJsBpe.ts:138
    await fs.writeFile(
      path.join(__dirname, `../bpeRanks/${modelName}.js`),
      `${preamble}
${jsCodeConstsForEachChunk.join('\n')}
/** @type {(string | number[])[]} */
const bpe = ${jsCodeBpeArray};
${jsCodeToResetHelperArrays.join('\n')}
export default bpe;`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

i18next-resources-to-backend

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #fb7cb2222e523795 Filesystem access.
pkgs/npm/[email protected]/rollup.config.js:5
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #640617076bdfb54d Filesystem access.
pkgs/npm/[email protected]/rollup.config.js:6
const pkg = JSON.parse(readFileSync(new URL('package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mammoth

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #7c989658450f105a Filesystem access.
pkgs/npm/[email protected]/lib/docx/files.js:1
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #543f4afdf4332f02 Filesystem access.
pkgs/npm/[email protected]/lib/main.js:3
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8237507abfc14618 Filesystem access.
pkgs/npm/[email protected]/lib/unzip.js:1
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

next-pwa

npm dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #4930562fdecd3f23 Filesystem access.
pkgs/npm/[email protected]/build-custom-worker.js:4
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de5939a9696c311 Filesystem access.
pkgs/npm/[email protected]/build-fallback-worker.js:4
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce2edcc71c3a544d Environment-variable access.
pkgs/npm/[email protected]/fallback.js:7
      if (process.env.__PWA_FALLBACK_DOCUMENT__)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c4b5fedddd04db9 Environment-variable access.
pkgs/npm/[email protected]/fallback.js:8
        return caches.match(process.env.__PWA_FALLBACK_DOCUMENT__, { ignoreSearch: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a41e4ead126bf6dc Environment-variable access.
pkgs/npm/[email protected]/fallback.js:10
      if (process.env.__PWA_FALLBACK_IMAGE__)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4596bf54c43749a Environment-variable access.
pkgs/npm/[email protected]/fallback.js:11
        return caches.match(process.env.__PWA_FALLBACK_IMAGE__, { ignoreSearch: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5436bf2d162fffd8 Environment-variable access.
pkgs/npm/[email protected]/fallback.js:13
      if (process.env.__PWA_FALLBACK_AUDIO__)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc27d4e97d9496e Environment-variable access.
pkgs/npm/[email protected]/fallback.js:14
        return caches.match(process.env.__PWA_FALLBACK_AUDIO__, { ignoreSearch: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6033d59891b2d6b6 Environment-variable access.
pkgs/npm/[email protected]/fallback.js:16
      if (process.env.__PWA_FALLBACK_VIDEO__)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab6d05a1d2fb5948 Environment-variable access.
pkgs/npm/[email protected]/fallback.js:17
        return caches.match(process.env.__PWA_FALLBACK_VIDEO__, { ignoreSearch: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #492c33214246884c Environment-variable access.
pkgs/npm/[email protected]/fallback.js:19
      if (process.env.__PWA_FALLBACK_FONT__)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adffd73655bdaedb Environment-variable access.
pkgs/npm/[email protected]/fallback.js:20
        return caches.match(process.env.__PWA_FALLBACK_FONT__, { ignoreSearch: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #769e5f716d3cae27 Environment-variable access.
pkgs/npm/[email protected]/fallback.js:22
      if (process.env.__PWA_FALLBACK_DATA__ && request.url.match(/\/_next\/data\/.+\/.+\.json$/i))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #435852030b1a0859 Environment-variable access.
pkgs/npm/[email protected]/fallback.js:23
        return caches.match(process.env.__PWA_FALLBACK_DATA__, { ignoreSearch: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9ddcc735a728b0 Filesystem access.
pkgs/npm/[email protected]/index.js:4
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9020e4edb912116f Filesystem access.
pkgs/npm/[email protected]/index.js:13
const getRevision = file => crypto.createHash('md5').update(fs.readFileSync(file)).digest('hex')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

npm dependency
expand_more 9 low-confidence finding(s)
low egress dependency Excluded from app score #0de58b04a59ae251 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.js:50
            const url = new URL(AZURE_IMDS_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f7172309a582b61d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.js:97
            const url = new URL(`http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9fd738e7989df31e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.mjs:44
            const url = new URL(AZURE_IMDS_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3fa45baa44a88498 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.mjs:91
            const url = new URL(`http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #af5b358e7edc3bc9 Environment-variable access.
pkgs/npm/[email protected]/azure.js:44
                endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e18194ab82eedcc3 Environment-variable access.
pkgs/npm/[email protected]/azure.mjs:40
                endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e865c97a58f38c14 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/src/auth/subject-token-providers.ts:81
      const url = new URL(AZURE_IMDS_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2c585980c2dbcdce Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/src/auth/subject-token-providers.ts:145
      const url = new URL(
        `http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity`,
      );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0a16479cfe23c6bd Environment-variable access.
pkgs/npm/[email protected]/src/azure.ts:101
        endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pdf-parse

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #453766da88168573 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:27
	const pkg = JSON.parse(await readFile(new URL('../package.json', import.meta.url)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be592bcbed4ca176 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:103
		const data = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bd7c4b9aabb04e3 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:156
		await writeFile(options.output, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40e7dcf3c31ed745 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:167
		await writeFile(options.output, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86287ff0f4f89963 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:179
		await writeFile(options.output, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853e71208aa3995e Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:208
				await writeFile(filepath, image.data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff31174faf7ac24f Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:278
			await writeFile(filepath, page.data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b7805254cb55cb0 Filesystem access.
pkgs/npm/[email protected]/bin/cli.test.mjs:59
	await fs.writeFile(dummyFile, 'dummy content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c88f87232db687a Filesystem access.
pkgs/npm/[email protected]/bin/cli.test.mjs:90
	await fs.writeFile(dummyFile, 'dummy content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

react

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #3ba3427e8a488e4c Environment-variable access.
pkgs/npm/[email protected]/cjs/react-compiler-runtime.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #070dd320866deea8 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-jsx-dev-runtime.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266fcc9acbbf3722 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-jsx-dev-runtime.react-server.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783b6be3c6bbb1e3 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-jsx-runtime.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7d97bc8e0d44804 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-jsx-runtime.react-server.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7069a6aa19e093d Environment-variable access.
pkgs/npm/[email protected]/cjs/react.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3362efa1626148 Environment-variable access.
pkgs/npm/[email protected]/cjs/react.react-server.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e447b87dd6a5ec74 Environment-variable access.
pkgs/npm/[email protected]/compiler-runtime.js:10
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29138c224522d73c Environment-variable access.
pkgs/npm/[email protected]/index.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2538ac64e3ddd43 Environment-variable access.
pkgs/npm/[email protected]/jsx-dev-runtime.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d617ffc58d817e74 Environment-variable access.
pkgs/npm/[email protected]/jsx-dev-runtime.react-server.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8988a71db5c53f7c Environment-variable access.
pkgs/npm/[email protected]/jsx-runtime.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c785ba06b748af45 Environment-variable access.
pkgs/npm/[email protected]/jsx-runtime.react-server.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be988e30558310b8 Environment-variable access.
pkgs/npm/[email protected]/react.react-server.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

react-dom

npm dependency
expand_more 24 low-confidence finding(s)
low env_fs dependency Excluded from app score #c7bf15bd6ea11166 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-profiling.development.js:15
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95f8f53279d04780 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-server-legacy.browser.development.js:36
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c312d51e6b92341 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-server-legacy.node.development.js:36
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9abe5ac2e596eb47 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-server.browser.development.js:36
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd81c5609c19e43b Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-server.edge.development.js:36
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf87e09004067f7b Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-server.node.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e39206597673ebf Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom-test-utils.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d42fcc86069ebc27 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45d2f6aa7d142df6 Environment-variable access.
pkgs/npm/[email protected]/cjs/react-dom.react-server.development.js:12
"production" !== process.env.NODE_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6834607ee793d2e Environment-variable access.
pkgs/npm/[email protected]/client.js:11
  if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #222ba0bf1d8d6301 Environment-variable access.
pkgs/npm/[email protected]/client.js:31
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a1de0aff8620ddf Environment-variable access.
pkgs/npm/[email protected]/index.js:11
  if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10dcbbc927042e52 Environment-variable access.
pkgs/npm/[email protected]/index.js:31
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #415bf434e897c955 Environment-variable access.
pkgs/npm/[email protected]/profiling.js:11
  if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ed48c60a2239ffe Environment-variable access.
pkgs/npm/[email protected]/profiling.js:31
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1dc20fbcbbf015e Environment-variable access.
pkgs/npm/[email protected]/react-dom.react-server.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e91d4514fc80abcf Environment-variable access.
pkgs/npm/[email protected]/server.browser.js:4
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2cfb367cb7e7f19 Environment-variable access.
pkgs/npm/[email protected]/server.bun.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cffeb1d2fbad09bc Environment-variable access.
pkgs/npm/[email protected]/server.edge.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adea9555f1e9b6c7 Environment-variable access.
pkgs/npm/[email protected]/server.node.js:4
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fb8a962fadcbe2d Environment-variable access.
pkgs/npm/[email protected]/static.browser.js:4
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb0ab17d887b8f6f Environment-variable access.
pkgs/npm/[email protected]/static.edge.js:4
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #081dc72c0ef8168b Environment-variable access.
pkgs/npm/[email protected]/static.node.js:4
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56f6e9d5cc43edab Environment-variable access.
pkgs/npm/[email protected]/test-utils.js:3
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

react-syntax-highlighter

npm dependency
expand_more 24 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #5332ddc15cff4d6d Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-highlightjs.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7f0ee8b50e8f58e5 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-highlightjs.js:34
  fs.writeFile(
    path.join(__dirname, `../src/async-languages/hljs.js`),
    lines.join('\n'),
    err => {
      if (err) {
        throw err;
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d10d22abbfa5abf5 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-highlightjs.js:50
  fs.writeFile(
    path.join(__dirname, `../src/languages/hljs/supported-languages.js`),
    lines.join(''),
    err => {
      if (err) {
        throw err;
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #63f9e4eabec50b22 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-highlightjs.js:70
  fs.writeFile(
    path.join(__dirname, `../src/languages/hljs/${file}`),
    lines.join(';\n'),
    err => {
      if (err) {
        throw err;
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d3505b2538ba5c28 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-highlightjs.js:103
    fs.writeFile(
      path.join(__dirname, '../AVAILABLE_LANGUAGES_HLJS.MD'),
      languageMD,
      err => {
        if (err) {
          throw err;
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d285a3278b0040a9 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-highlightjs.js:117
    fs.writeFile(
      path.join(__dirname, '../src/languages/hljs/index.js'),
      defaultExports.join(''),
      err => {
        if (err) {
          throw err;
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3ef87046669faec6 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-refractor.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6ea70faf4a135327 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-refractor.js:30
  fs.writeFile(
    path.join(__dirname, `../src/languages/prism/${file}`),
    lines.join(';\n'),
    err => {
      if (err) {
        process.exit(1);
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2d9631aeddb17807 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-refractor.js:53
  fs.writeFile(
    path.join(__dirname, `../src/languages/prism/supported-languages.js`),
    lines.join(''),
    err => {
      if (err) {
        throw err;
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ba3866694b9d8015 Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-refractor.js:73
  fs.writeFile(
    path.join(__dirname, `../src/async-languages/prism.js`),
    lines.join('\n'),
    err => {
      if (err) {
        throw err;
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2efb102e01ef1a9f Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-refractor.js:108
    fs.writeFile(
      path.join(__dirname, '../AVAILABLE_LANGUAGES_PRISM.MD'),
      languageMD,
      err => {
        if (err) {
          process.exit(1);
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #773010d9a4970d1c Filesystem access.
pkgs/npm/[email protected]/scripts/build-languages-refractor.js:122
    fs.writeFile(
      path.join(__dirname, '../src/languages/prism/index.js'),
      defaultExports.join(''),
      err => {
        if (err) {
          process.exit(1);
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0b16abbcd3229e5d Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-highlightjs.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #31e15c1988b0c2ea Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-highlightjs.js:35
    fs.writeFile(
      path.join(__dirname, '../AVAILABLE_STYLES_HLJS.MD'),
      styleMD,
      err => {
        if (err) {
          throw err;
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #cf14d01a174654a8 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-highlightjs.js:44
    fs.writeFile(
      path.join(__dirname, '../src/styles/hljs/index.js'),
      defaultExports.join(''),
      err => {
        if (err) {
          throw err;
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #052f3685f2800f3c Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-highlightjs.js:57
    fs.writeFile(
      path.join(__dirname, '../demo/styles/hljs.js'),
      demoStylesArray,
      err => {
        if (err) {
          throw err;
        }
      }
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #21f90eac24b6666f Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-highlightjs.js:75
  fs.readFile(
    path.join(__dirname, `../node_modules/highlight.js/styles/${file}`),
    'utf-8',
    (err, data) => {
      if (err) {
        throw err;
      }
      const javacriptStylesheet = css
        .parse(data)
        .stylesheet.rules.reduce((sheet, rule) => {
          if (rule.type === 'rule') {
            const style = rule.selectors.reduce((selectors, selector) => {
              if (!selector.includes(ignoreStyleWithThis)) {
                const selectorObject = rule.declarations.reduce(
                  (declarations, declaration) => {
                    if (
                      declaration.type === 'declaration' &&
                      declaration.property
                    ) {
                      declarations[camel(declaration.property)] =
                        declaration.value;
                    }
                    return declarations;
                  },
                  {}
                );
                selectors[selector.substring(1)] = selectorObject;
              }
              return selectors;
            }, {});
            sheet = Object.keys(style).reduce((stylesheet, selector) => {
              if (stylesheet[selector]) {
                stylesheet[selector] = Object.assign(
                  {},
                  stylesheet[selector],
                  style[selector]
                );
              } else {
                stylesheet[selector] = style[selector];
              }
              return stylesheet;
            }, sheet);
          }
          return sheet;
        }, {});
      fs.writeFile(
        path.join(__dirname, `../src/styles/hljs/${fileWithoutCSS}.js`),
        `export default ${JSON.stringify(javacriptStylesheet, null, 4)}`,
        err => {
          if (err) {
            throw err;
          }
        }
      );
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c5a6fe6a386382c1 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-highlightjs.js:120
      fs.writeFile(
        path.join(__dirname, `../src/styles/hljs/${fileWithoutCSS}.js`),
        `export default ${JSON.stringify(javacriptStylesheet, null, 4)}`,
        err => {
          if (err) {
            throw err;
          }
        }
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b0e30f22210b6731 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-refractor.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #39728ab1987b7a64 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-refractor.js:53
  fs.writeFile(
    path.join(__dirname, '../AVAILABLE_STYLES_PRISM.MD'),
    styleMD,
    () => {}
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4fa36880c67bb6cd Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-refractor.js:58
  fs.writeFile(
    path.join(__dirname, '../src/styles/prism/index.js'),
    defaultExports.join(''),
    () => {}
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #430f7ece7cfefc11 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-refractor.js:67
  fs.writeFile(
    path.join(__dirname, '../demo/styles/prism.js'),
    demoStylesArray,
    err => {
      if (err) {
        throw err;
      }
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d30a4f829854b700 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-refractor.js:82
  fs.readFile(
    path.join(__dirname, `${directory}/${file}`),
    'utf-8',
    (err, data) => {
      const javacriptStylesheet = css
        .parse(data)
        .stylesheet.rules.reduce((sheet, rule) => {
          if (rule.type === 'rule') {
            const style = rule.selectors.reduce((selectors, selector) => {
              const selectorObject = rule.declarations.reduce(
                (declarations, declaration) => {
                  if (
                    declaration.type === 'declaration' &&
                    declaration.property
                  ) {
                    const camelCaseDeclarationProp = camel(
                      declaration.property
                    );
                    const key =
                      camelCaseDeclarationProp.includes('moz') ||
                      camelCaseDeclarationProp.includes('webkit') ||
                      (camelCaseDeclarationProp[0] === 'o' &&
                        !camelCaseDeclarationProp.includes('overflow'))
                        ? `${camelCaseDeclarationProp
                            .substring(0, 1)
                            .toUpperCase()}${camelCaseDeclarationProp.substring(
                            1
                          )}`
                        : camelCaseDeclarationProp;
                    declarations[key] = declaration.value;
                  }
                  return declarations;
                },
                {}
              );

              if (selector.substring(0, 6) === '.token') {
                selector = selector.substring(7);

                // Regex to fix Prism theme selectors
                // - Remove further `.token` classes
                // - Remove the space (descendant combinator)
                //   to allow for styling multiple classes
                //   Ref: https://github.com/react-syntax-highlighter/react-syntax-highlighter/pull/305
                selector = selector.replace(/(?<=\w) (\.token)?(?=\.)/g, '');
              }
              selectors[selector] = selectorObject;
              return selectors;
            }, {});
            sheet = Object.keys(style).reduce((stylesheet, selector) => {
              if (stylesheet[selector]) {
                stylesheet[selector] = Object.assign(
                  {},
                  stylesheet[selector],
                  style[selector]
                );
              } else {
                stylesheet[selector] = style[selector];
              }
              return stylesheet;
            }, sheet);
          }
          return sheet;
        }, {});
      fs.writeFile(
        path.join(__dirname, `../src/styles/prism/${fileWithoutCSS}.js`),
        `export default ${JSON.stringify(javacriptStylesheet, null, 4)}`,
        () => {}
      );
    }
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #30849eb34a80b825 Filesystem access.
pkgs/npm/[email protected]/scripts/build-stylesheets-refractor.js:146
      fs.writeFile(
        path.join(__dirname, `../src/styles/prism/${fileWithoutCSS}.js`),
        `export default ${JSON.stringify(javacriptStylesheet, null, 4)}`,
        () => {}
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @azure/openai prod — dist-only: no readable source
  • @google/generative-ai prod — dist-only: no readable source
  • @radix-ui/react-accordion prod — dist-only: no readable source
  • @radix-ui/react-aspect-ratio prod — dist-only: no readable source
  • @radix-ui/react-avatar prod — dist-only: no readable source
  • @radix-ui/react-checkbox prod — dist-only: no readable source
  • @radix-ui/react-collapsible prod — dist-only: no readable source
  • @radix-ui/react-context-menu prod — dist-only: no readable source
  • @radix-ui/react-dialog prod — dist-only: no readable source
  • @radix-ui/react-dropdown-menu prod — dist-only: no readable source
  • @radix-ui/react-hover-card prod — dist-only: no readable source
  • @radix-ui/react-label prod — dist-only: no readable source
  • @radix-ui/react-menubar prod — dist-only: no readable source
  • @radix-ui/react-navigation-menu prod — dist-only: no readable source
  • @radix-ui/react-popover prod — dist-only: no readable source
  • @radix-ui/react-progress prod — dist-only: no readable source
  • @radix-ui/react-radio-group prod — dist-only: no readable source
  • @radix-ui/react-scroll-area prod — dist-only: no readable source
  • @radix-ui/react-select prod — dist-only: no readable source
  • @radix-ui/react-separator prod — dist-only: no readable source
  • @radix-ui/react-slider prod — dist-only: no readable source
  • @radix-ui/react-slot prod — dist-only: no readable source
  • @radix-ui/react-switch prod — dist-only: no readable source
  • @radix-ui/react-tabs prod — dist-only: no readable source
  • @radix-ui/react-toast prod — dist-only: no readable source
  • @radix-ui/react-toggle prod — dist-only: no readable source
  • @radix-ui/react-toggle-group prod — dist-only: no readable source
  • @radix-ui/react-tooltip prod — dist-only: no readable source
  • @tabler/icons-react prod — dist-only: no readable source
  • @vercel/edge-config prod — dist-only: no readable source
  • class-variance-authority prod — dist-only: no readable source
  • cmdk prod — dist-only: no readable source
  • next prod — tarball exceeds byte cap
  • next-themes prod — dist-only: no readable source
  • react-hook-form prod — dist-only: no readable source
  • react-textarea-autosize prod — dist-only: no readable source
  • sonner prod — dist-only: no readable source