Close Open Privacy Scan

bolt Snapshot: commit 7103c3a
science engine v2
schedule 2026-07-02T03:15:45.266707+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

92 /100
Low privacy risk

Low risk · 798 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5
env_fs −3

list Scan Summary

0 high 0 medium 798 low
First-party packages: 43
Dependency packages: 0
Ecosystem: npm

swap_horiz External domains

sponsors.vite.dev

</> First-Party Code

first-party (npm)

npm first-party
expand_more 329 low-confidence finding(s)
low env_fs production #a9d1a9ea232c4aaf Filesystem access.
repo/docs/.vitepress/buildEnd.config.ts:49
  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d2d67be7eac8cbb Environment-variable access.
repo/docs/.vitepress/config.ts:26
const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b7b6a620edbc2af Environment-variable access.
repo/docs/.vitepress/config.ts:27
const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b00fd28394848fba Hardcoded external endpoint. Review what data is sent to this destination.
repo/docs/.vitepress/theme/composables/sponsor.ts:18
    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6fb1bacc0c70ddc4 Filesystem access.
repo/docs/_data/acknowledgements.data.ts:114
  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b2e276f849d16db Filesystem access.
repo/docs/_data/acknowledgements.data.ts:202
    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a49205e5f4c17194 Environment-variable access.
repo/eslint.config.js:13
const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90f5cd7ebd6525bf Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #58f5ae4629230a11 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8884839a2024badc Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6b699cbb2d50cb5 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afb6a2d3d740c10a Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e540620cd02edf5 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #134a177ccb9b8c3f Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f37fc1a3d95b9200 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #746e567f63769701 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274f26cf6761f290 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76bcea3f861c5fb1 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae2c23e159459157 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f89189a5bdbc832f Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15a46a3473cfaf4 Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ac767b909ed5edc Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #507723ab2c884d97 Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7724575c9691fdd2 Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf1fb3c3a16a981b Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75e2a4249bc50375 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d85f208c0d39f9ee Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:163
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d521874427fe648b Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d01b8758a9d47f8c Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d666f19508121d9 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f289025d494109b Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76783b3f378f0b5c Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #782e481113a18910 Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #375f4008d0c052da Filesystem access.
repo/packages/vite/rolldown.config.ts:186
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83eaea105e46570c Filesystem access.
repo/packages/vite/rolldown.config.ts:190
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6888b3ad0b16721 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a02b2dff027d1b4f Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7510351f4a96e6ff Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a90f98c6f4f499c4 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #deef39ee621e94c6 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #949e0519ef6b6266 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ef9810999ebace0 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c6d0364db013a90 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #763c9fa9e5b6c2d3 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c45cf95f42ec299 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b156b862f0f3cff5 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c4841ac40e396d4 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e244371295203643 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a233f0ebcbacfc3e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e42d4c25e484bf53 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bdbc3c268ca159d Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32b8f02994563f6a Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca57a87e358a0ce5 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c53797119d82b818 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6e43393b6b28159 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72a07038285ea67e Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6577782ffc6ac43 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49f8357034cf0937 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c7ca2b1bd5c8f2c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14986a9fc0d59199 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #882097e96421245d Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f995eb5da1d24f98 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d320987d130dba7e Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d84384cfcf5ee94 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a063bd462e28e634 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bdaa9bc9b615a95 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab2d65bc8d0a588 Filesystem access.
repo/packages/vite/src/node/cli.ts:79
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a6a4d607a6a35da Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cec61bd09ba024af Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b89f791ef222e61 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d186a8c67b15a98 Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274810f343d0cabf Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec864917cb9d294b Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f522a88845455d8 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #122b1cb1dfb3d236 Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e72eac632ac473 Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9101d48eb1b4855 Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa36b9d6e7c759e9 Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc082cb65b19f0a3 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d3604fa3e97948 Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2b019e86484e6ac Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced90533b7a06215 Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbad5383c35e5494 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dac3b8c46f28b53 Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62e7b5caad1e6f6 Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7822b22f6432c1c Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da06128a9cf9e86 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55f144269a940ead Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faafa12fb006c65e Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ead9ac13e98ab7e9 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9525e85586600de9 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2784abee9ae004fa Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4145ee6c5f6feb94 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c655a4fb12ebf6ab Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48d2d87b88808127 Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e65c21963d4c586 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62b0b295e8b1ffa Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a36de5c78da00fb Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7aa7af14f758b67 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c58f774b96adc80 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74e2b2f84aeda827 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #640d03f19f7c2d4e Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ead66319e3b60f0a Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1592
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e8da70eeff312c7 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2587
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #582eb7c141e800ef Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2734
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27e2ed2dea0d04fc Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2867
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b950d418b75a92b6 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3252
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #659a63696bc47a67 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3343
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5394ce914e45955 Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9e376d32c400b01 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd843ea3f2daa80c Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eef2de3c8aa8c176 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e8a60e9776b5c5f Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3545fec96d47dd97 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bc922432e949680 Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0d12ef9255204ad Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0536ed7a883fa85 Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b223843c5a5429c Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91cb5daa84199c52 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #458adf09485d831e Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca9fb3f16b70d7e4 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cb0a1767a2cfbc4 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #362071b95778adf0 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6eaff6d75757fa5c Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5d1ee4f85748c87 Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0efb366c465a30fe Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbff19d86527b961 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bff63d51c47d4cef Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c319c7ddee357bf2 Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffda5912a2e203dc Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b9765f87604cd52 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60f51d567f17dc38 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4939b9f2d329af3b Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8c227bb355c62f5 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0668db11ccbe8324 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdd9fc2208962053 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4c222067892ee3a Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08b28b2204bf2b42 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d788e4cfee5f9a2b Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #009df18a995cc0b2 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7e0552b0f43ab3e Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc6e144f6d705ad6 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c101a02c6f336f7e Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e68a4a3c8625f803 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c410c7a831a6310 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cf0970be094704c Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2edcb48f1ca6a908 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0881aecfc4e40d66 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dfb1559edc7c6fb Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e66ad0f7b513e90 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #456e6c66eaf9bcc0 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90c407632183a200 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc5f6c3fb8121e9b Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e6c9b5e7e93ce1 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96b0a9b4d4a57780 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46e54f409922aaad Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fea2ccd43ead1a87 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7059348c9ef833cc Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e02afb77fcfd092 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d354eab3bfab1184 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170ee5a65c60b04b Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83837a04482d14b5 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ba0bf53c1402310 Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91b8c6e3503e9bd6 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35a0b85c4755c967 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08d93a585d328c73 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b82f9c502c459322 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8826968aa94f3aa Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d20d64eee171049f Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #562b07766515ba7c Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6f44edced79bcd5 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b8e72d67b4c03d5 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ab8c56b75b70658 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a71017d2be81e65c Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b74ae5127439a32b Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72d5f2a63a29cbef Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e1998877ea3508d Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7011593513723cc Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dbe1c532fe2666c Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f17dc5a2dad5d152 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f101cdea257f2089 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3e21cac41166e8c Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #714e198c18fdaa47 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a00175b32c118416 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf72e064f70e3ce Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36e0cbe345e79d34 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a64287a1f278e3e Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83da30cbb1699c94 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e26fa7fd102bd9c2 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d363c2628718dcfd Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #356c8239a7c7fa59 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd31a7dddd3c9b7 Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acb9b77b0981e4d8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e82ad742fa2efc09 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f528367018734e0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4bc1ef5b80703d53 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5ea39337b9a3dc6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86069a58e95a07a0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37a4ff7848389db7 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49943959854c27d4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfd734feab2a58fe Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d06d843f2ab15152 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31ff5b0fe77e6a44 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3473af12509b6d1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #43f075e653478931 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84caa05961e712e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08a97af0f5cd9226 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e2b3c5c433acb06 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #601bcbfea2d12a13 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e463aba14dda8a2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ec76e37eb70ad40 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e13d52cfee5fc313 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee630819fc14d788 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2eb8863f96754c93 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86f1a0b55da380f2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65d1975db44af9eb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e76947bc04cda094 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88ee7a251fbf37b6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd46c29eae714ef5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d46a28c4f322c263 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e4c55a8dbcc84de Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00987847ee44578b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2558e5d7ffc485ef Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85eab5f772a6ec08 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ce9c4b58ca42da6 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53596bce5b92e5ad Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55d305797a7d2af3 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #039ec5f490233641 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50b97df9c90df90f Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a0121bc9306dbd3 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd867565e07cf73c Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f31c2a2cc51e66d Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b256488cdab86ac4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #622e5228fdb776c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a3c09625149d0e4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #060b754ee17ccba6 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #551fbf4eca644a52 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b970c78cad766cb1 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fd58d9c30adb060 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7b6456e582dbf89 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bd98e482dd0f9e5 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73afbe04c9ada293 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #912fc95da6166cb0 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef51788309468c1 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4f7bb988689bcbc Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f23a89fe392c8b04 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bf6187f5267639c Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7b6fd8b6624c65 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3f55687e6b999d Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4954ca29a6cc090e Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f87c8d42c299cfcc Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8365c376cadbe5d8 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bce6d2db5d05a752 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #265f58440657fef7 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c7cc25bbee06923 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1933d15173ea72e0 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #938f4f80c4b7cf2d Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b84908c2202ef31b Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #896fea7b1c0cc826 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a91c02c43f667cb6 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b0ffbe2e0c64716 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170debf84f8e34ab Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a32b3de610e5688d Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee5537d47f97bcb4 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6bbe7674eca6434 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ca376e004a1066 Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b747751952749ee9 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b957b945bc7d48d1 Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9590a926d031d37 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cd681babf2eae04 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b3132f27edcde99 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3580e23d8a7dbca0 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbcf381b3a89aa05 Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc2de7d31bcccbc2 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #04a13038989ac325 Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a422c113e9ff7c4 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8936fd86007e00dd Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e42a5ddb6f6a5b9f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca2c6c28d2746114 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84295de0fdd11a3d Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a4f3182477f386 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4eead2a2337439 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93eb5bddee3e1ea Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a23beb8df00234c Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e204d744a1aee35 Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bdf1c43f07f69fe Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afb91dde40655bb2 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37cc6fd705dfec21 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6110d7e6941a9371 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60f9a1e2693b1450 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a9852eaedf555341 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed3afd4e5e016b6f Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d878a500da8b86b0 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be73d6e44ff4d711 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6070ccbad757bb0a Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cf628b89e910d55 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c956e1c3ac9dff9e Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81bc5384e89e2a01 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f19dac70e547dbf Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec03ddecf2127935 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #120d164172dadf65 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042a39dec0f999a4 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1a688d2bad7ae68 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97ea58be69f02e33 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e40fba5da665b865 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de6b7976c743ec03 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7328c433a93d28 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a70ee0a889cbad1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fcaf01ec3998b8ad Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fc93a87dfa7ecb6 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7adf1b426528337 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95731d5c83ef0e1b Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97acbb0e8c7cf2bd Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39aa84348779f753 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f8ea5bf4d944293 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #562382f869f1d40e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d82fb2379cd7eaff Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #717adee06404afd1 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62210bef240e3e2 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cab6c6ea91a497b3 Filesystem access.
repo/scripts/mergeChangelog.ts:188
const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b949d6c22a64fd2 Filesystem access.
repo/scripts/mergeChangelog.ts:212
await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c978cc648f02b62 Filesystem access.
repo/scripts/releaseUtils.ts:19
    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b9e3ead1995142e Filesystem access.
repo/scripts/releaseUtils.ts:55
    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4071e75d47971991 Filesystem access.
repo/scripts/releaseUtils.ts:66
    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #210cf5b3dd3e85ce Filesystem access.
repo/scripts/releaseUtils.ts:68
    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1740f9e2e4b3f52a Environment-variable access.
repo/vitest.config.e2e.ts:4
const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a915e8a24775899d Environment-variable access.
repo/vitest.config.e2e.ts:6
const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5f18bd25ac212eb Environment-variable access.
repo/vitest.config.e2e.ts:36
        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70e799e9b4c84744 Environment-variable access.
repo/vitest.config.e2e.ts:40
      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party
expand_more 18 low-confidence finding(s)
low env_fs test-only #90f5cd7ebd6525bf Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #58f5ae4629230a11 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8884839a2024badc Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d6b699cbb2d50cb5 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afb6a2d3d740c10a Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e540620cd02edf5 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #134a177ccb9b8c3f Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f37fc1a3d95b9200 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #746e567f63769701 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274f26cf6761f290 Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76bcea3f861c5fb1 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae2c23e159459157 Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f89189a5bdbc832f Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15a46a3473cfaf4 Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ac767b909ed5edc Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #507723ab2c884d97 Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7724575c9691fdd2 Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf1fb3c3a16a981b Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #75e2a4249bc50375 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d85f208c0d39f9ee Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:163
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party
expand_more 127 low-confidence finding(s)
low env_fs production #d521874427fe648b Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d01b8758a9d47f8c Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d666f19508121d9 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f289025d494109b Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76783b3f378f0b5c Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #782e481113a18910 Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #375f4008d0c052da Filesystem access.
repo/packages/vite/rolldown.config.ts:186
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83eaea105e46570c Filesystem access.
repo/packages/vite/rolldown.config.ts:190
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6888b3ad0b16721 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a02b2dff027d1b4f Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7510351f4a96e6ff Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a90f98c6f4f499c4 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #deef39ee621e94c6 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #949e0519ef6b6266 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ef9810999ebace0 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c6d0364db013a90 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #763c9fa9e5b6c2d3 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c45cf95f42ec299 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b156b862f0f3cff5 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c4841ac40e396d4 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e244371295203643 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a233f0ebcbacfc3e Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e42d4c25e484bf53 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bdbc3c268ca159d Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32b8f02994563f6a Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca57a87e358a0ce5 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c53797119d82b818 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6e43393b6b28159 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72a07038285ea67e Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6577782ffc6ac43 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49f8357034cf0937 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c7ca2b1bd5c8f2c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14986a9fc0d59199 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #882097e96421245d Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f995eb5da1d24f98 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d320987d130dba7e Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d84384cfcf5ee94 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a063bd462e28e634 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bdaa9bc9b615a95 Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab2d65bc8d0a588 Filesystem access.
repo/packages/vite/src/node/cli.ts:79
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a6a4d607a6a35da Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cec61bd09ba024af Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b89f791ef222e61 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d186a8c67b15a98 Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274810f343d0cabf Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec864917cb9d294b Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f522a88845455d8 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #122b1cb1dfb3d236 Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e72eac632ac473 Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9101d48eb1b4855 Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa36b9d6e7c759e9 Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc082cb65b19f0a3 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d3604fa3e97948 Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2b019e86484e6ac Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced90533b7a06215 Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbad5383c35e5494 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dac3b8c46f28b53 Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62e7b5caad1e6f6 Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7822b22f6432c1c Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da06128a9cf9e86 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55f144269a940ead Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faafa12fb006c65e Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ead9ac13e98ab7e9 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9525e85586600de9 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2784abee9ae004fa Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4145ee6c5f6feb94 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c655a4fb12ebf6ab Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48d2d87b88808127 Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e65c21963d4c586 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62b0b295e8b1ffa Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a36de5c78da00fb Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7aa7af14f758b67 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c58f774b96adc80 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74e2b2f84aeda827 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #640d03f19f7c2d4e Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ead66319e3b60f0a Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1592
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e8da70eeff312c7 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2587
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #582eb7c141e800ef Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2734
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27e2ed2dea0d04fc Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2867
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b950d418b75a92b6 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3252
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #659a63696bc47a67 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3343
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5394ce914e45955 Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9e376d32c400b01 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd843ea3f2daa80c Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eef2de3c8aa8c176 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e8a60e9776b5c5f Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3545fec96d47dd97 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bc922432e949680 Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0d12ef9255204ad Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0536ed7a883fa85 Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b223843c5a5429c Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91cb5daa84199c52 Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #458adf09485d831e Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca9fb3f16b70d7e4 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cb0a1767a2cfbc4 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #362071b95778adf0 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6eaff6d75757fa5c Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5d1ee4f85748c87 Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0efb366c465a30fe Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbff19d86527b961 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bff63d51c47d4cef Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c319c7ddee357bf2 Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffda5912a2e203dc Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b9765f87604cd52 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60f51d567f17dc38 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4939b9f2d329af3b Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8c227bb355c62f5 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0668db11ccbe8324 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdd9fc2208962053 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4c222067892ee3a Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08b28b2204bf2b42 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d788e4cfee5f9a2b Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #009df18a995cc0b2 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7e0552b0f43ab3e Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc6e144f6d705ad6 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c101a02c6f336f7e Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e68a4a3c8625f803 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c410c7a831a6310 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cf0970be094704c Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2edcb48f1ca6a908 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0881aecfc4e40d66 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dfb1559edc7c6fb Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e66ad0f7b513e90 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #456e6c66eaf9bcc0 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90c407632183a200 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc5f6c3fb8121e9b Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e6c9b5e7e93ce1 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party
expand_more 165 low-confidence finding(s)
low env_fs test-only #96b0a9b4d4a57780 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46e54f409922aaad Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fea2ccd43ead1a87 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7059348c9ef833cc Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e02afb77fcfd092 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d354eab3bfab1184 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170ee5a65c60b04b Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83837a04482d14b5 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ba0bf53c1402310 Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91b8c6e3503e9bd6 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35a0b85c4755c967 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08d93a585d328c73 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b82f9c502c459322 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8826968aa94f3aa Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d20d64eee171049f Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #562b07766515ba7c Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6f44edced79bcd5 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b8e72d67b4c03d5 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ab8c56b75b70658 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a71017d2be81e65c Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b74ae5127439a32b Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72d5f2a63a29cbef Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e1998877ea3508d Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7011593513723cc Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dbe1c532fe2666c Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f17dc5a2dad5d152 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f101cdea257f2089 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3e21cac41166e8c Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #714e198c18fdaa47 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a00175b32c118416 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf72e064f70e3ce Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36e0cbe345e79d34 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a64287a1f278e3e Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83da30cbb1699c94 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e26fa7fd102bd9c2 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d363c2628718dcfd Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #356c8239a7c7fa59 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd31a7dddd3c9b7 Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acb9b77b0981e4d8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e82ad742fa2efc09 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f528367018734e0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4bc1ef5b80703d53 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5ea39337b9a3dc6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86069a58e95a07a0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37a4ff7848389db7 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49943959854c27d4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfd734feab2a58fe Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d06d843f2ab15152 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31ff5b0fe77e6a44 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3473af12509b6d1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #43f075e653478931 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84caa05961e712e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08a97af0f5cd9226 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e2b3c5c433acb06 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #601bcbfea2d12a13 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e463aba14dda8a2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ec76e37eb70ad40 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e13d52cfee5fc313 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee630819fc14d788 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2eb8863f96754c93 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86f1a0b55da380f2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65d1975db44af9eb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e76947bc04cda094 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88ee7a251fbf37b6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd46c29eae714ef5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d46a28c4f322c263 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e4c55a8dbcc84de Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00987847ee44578b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2558e5d7ffc485ef Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85eab5f772a6ec08 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ce9c4b58ca42da6 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53596bce5b92e5ad Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55d305797a7d2af3 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #039ec5f490233641 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50b97df9c90df90f Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a0121bc9306dbd3 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd867565e07cf73c Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f31c2a2cc51e66d Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b256488cdab86ac4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #622e5228fdb776c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a3c09625149d0e4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #060b754ee17ccba6 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #551fbf4eca644a52 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b970c78cad766cb1 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fd58d9c30adb060 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7b6456e582dbf89 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bd98e482dd0f9e5 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73afbe04c9ada293 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #912fc95da6166cb0 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef51788309468c1 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4f7bb988689bcbc Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f23a89fe392c8b04 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bf6187f5267639c Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7b6fd8b6624c65 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3f55687e6b999d Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4954ca29a6cc090e Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f87c8d42c299cfcc Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8365c376cadbe5d8 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bce6d2db5d05a752 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #265f58440657fef7 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c7cc25bbee06923 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1933d15173ea72e0 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #938f4f80c4b7cf2d Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b84908c2202ef31b Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #896fea7b1c0cc826 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a91c02c43f667cb6 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b0ffbe2e0c64716 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170debf84f8e34ab Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a32b3de610e5688d Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee5537d47f97bcb4 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6bbe7674eca6434 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ca376e004a1066 Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b747751952749ee9 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b957b945bc7d48d1 Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9590a926d031d37 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cd681babf2eae04 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b3132f27edcde99 Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3580e23d8a7dbca0 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbcf381b3a89aa05 Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc2de7d31bcccbc2 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #04a13038989ac325 Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a422c113e9ff7c4 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8936fd86007e00dd Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e42a5ddb6f6a5b9f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca2c6c28d2746114 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84295de0fdd11a3d Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a4f3182477f386 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4eead2a2337439 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93eb5bddee3e1ea Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a23beb8df00234c Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e204d744a1aee35 Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bdf1c43f07f69fe Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afb91dde40655bb2 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37cc6fd705dfec21 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6110d7e6941a9371 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60f9a1e2693b1450 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a9852eaedf555341 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed3afd4e5e016b6f Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d878a500da8b86b0 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be73d6e44ff4d711 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6070ccbad757bb0a Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cf628b89e910d55 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c956e1c3ac9dff9e Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81bc5384e89e2a01 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f19dac70e547dbf Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec03ddecf2127935 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #120d164172dadf65 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042a39dec0f999a4 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1a688d2bad7ae68 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97ea58be69f02e33 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e40fba5da665b865 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de6b7976c743ec03 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7328c433a93d28 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a70ee0a889cbad1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fcaf01ec3998b8ad Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fc93a87dfa7ecb6 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7adf1b426528337 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95731d5c83ef0e1b Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97acbb0e8c7cf2bd Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39aa84348779f753 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f8ea5bf4d944293 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #562382f869f1d40e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d82fb2379cd7eaff Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #717adee06404afd1 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62210bef240e3e2 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #96b0a9b4d4a57780 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46e54f409922aaad Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fea2ccd43ead1a87 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7059348c9ef833cc Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e02afb77fcfd092 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #d354eab3bfab1184 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #9ba0bf53c1402310 Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91b8c6e3503e9bd6 Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #170ee5a65c60b04b Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83837a04482d14b5 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #35a0b85c4755c967 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08d93a585d328c73 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b82f9c502c459322 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8826968aa94f3aa Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #d20d64eee171049f Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #562b07766515ba7c Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6f44edced79bcd5 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b8e72d67b4c03d5 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #6ab8c56b75b70658 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #a71017d2be81e65c Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #f101cdea257f2089 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3e21cac41166e8c Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #714e198c18fdaa47 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #b74ae5127439a32b Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #72d5f2a63a29cbef Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #0e1998877ea3508d Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7011593513723cc Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dbe1c532fe2666c Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f17dc5a2dad5d152 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #a00175b32c118416 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf72e064f70e3ce Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36e0cbe345e79d34 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #3a64287a1f278e3e Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #83da30cbb1699c94 Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e26fa7fd102bd9c2 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d363c2628718dcfd Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #356c8239a7c7fa59 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd31a7dddd3c9b7 Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party
expand_more 35 low-confidence finding(s)
low env_fs test-only #acb9b77b0981e4d8 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e82ad742fa2efc09 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f528367018734e0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4bc1ef5b80703d53 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5ea39337b9a3dc6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86069a58e95a07a0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37a4ff7848389db7 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49943959854c27d4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfd734feab2a58fe Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d06d843f2ab15152 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31ff5b0fe77e6a44 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3473af12509b6d1 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #43f075e653478931 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84caa05961e712e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08a97af0f5cd9226 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e2b3c5c433acb06 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #601bcbfea2d12a13 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e463aba14dda8a2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ec76e37eb70ad40 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e13d52cfee5fc313 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee630819fc14d788 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2eb8863f96754c93 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86f1a0b55da380f2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65d1975db44af9eb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e76947bc04cda094 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88ee7a251fbf37b6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd46c29eae714ef5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d46a28c4f322c263 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e4c55a8dbcc84de Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00987847ee44578b Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2558e5d7ffc485ef Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #85eab5f772a6ec08 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ce9c4b58ca42da6 Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53596bce5b92e5ad Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55d305797a7d2af3 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #039ec5f490233641 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50b97df9c90df90f Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #dd867565e07cf73c Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f31c2a2cc51e66d Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b256488cdab86ac4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #622e5228fdb776c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a3c09625149d0e4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #060b754ee17ccba6 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #551fbf4eca644a52 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b970c78cad766cb1 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fd58d9c30adb060 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #1a0121bc9306dbd3 Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #dd867565e07cf73c Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #1f31c2a2cc51e66d Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b256488cdab86ac4 Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #622e5228fdb776c4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a3c09625149d0e4 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #060b754ee17ccba6 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #551fbf4eca644a52 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b970c78cad766cb1 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #f7b6456e582dbf89 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bd98e482dd0f9e5 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #c6bbe7674eca6434 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ca376e004a1066 Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #73afbe04c9ada293 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #912fc95da6166cb0 Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef51788309468c1 Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4f7bb988689bcbc Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f23a89fe392c8b04 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #1bf6187f5267639c Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7b6fd8b6624c65 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3f55687e6b999d Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4954ca29a6cc090e Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps/read-file-content

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #3b7b6fd8b6624c65 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #f87c8d42c299cfcc Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8365c376cadbe5d8 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bce6d2db5d05a752 Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #265f58440657fef7 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #8c7cc25bbee06923 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1933d15173ea72e0 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #938f4f80c4b7cf2d Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b84908c2202ef31b Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #896fea7b1c0cc826 Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #a91c02c43f667cb6 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b0ffbe2e0c64716 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #170debf84f8e34ab Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a32b3de610e5688d Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #ee5537d47f97bcb4 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #1a422c113e9ff7c4 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8936fd86007e00dd Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e42a5ddb6f6a5b9f Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca2c6c28d2746114 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #04a13038989ac325 Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs test-only #6110d7e6941a9371 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60f9a1e2693b1450 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a9852eaedf555341 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed3afd4e5e016b6f Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d878a500da8b86b0 Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be73d6e44ff4d711 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6070ccbad757bb0a Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cf628b89e910d55 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c956e1c3ac9dff9e Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81bc5384e89e2a01 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f19dac70e547dbf Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec03ddecf2127935 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #120d164172dadf65 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #042a39dec0f999a4 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1a688d2bad7ae68 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97ea58be69f02e33 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e40fba5da665b865 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de6b7976c743ec03 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7328c433a93d28 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a70ee0a889cbad1 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fcaf01ec3998b8ad Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fc93a87dfa7ecb6 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7adf1b426528337 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95731d5c83ef0e1b Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97acbb0e8c7cf2bd Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39aa84348779f753 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f8ea5bf4d944293 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #562382f869f1d40e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d82fb2379cd7eaff Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #717adee06404afd1 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62210bef240e3e2 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
  • first-party (npm): docs prod — scan budget exceeded
  • lightningcss prod — scan budget exceeded
  • picomatch prod — scan budget exceeded
  • postcss prod — scan budget exceeded
  • tinyglobby prod — scan budget exceeded
  • @babel/core prod — scan budget exceeded
  • @babel/plugin-transform-dynamic-import prod — scan budget exceeded
  • @babel/plugin-transform-modules-systemjs prod — scan budget exceeded
  • @babel/preset-env prod — scan budget exceeded
  • babel-plugin-polyfill-corejs3 prod — scan budget exceeded
  • babel-plugin-polyfill-regenerator prod — scan budget exceeded
  • browserslist prod — scan budget exceeded
  • browserslist-to-esbuild prod — scan budget exceeded
  • core-js prod — scan budget exceeded
  • regenerator-runtime prod — scan budget exceeded
  • systemjs prod — scan budget exceeded
  • @tailwindcss/vite prod — scan budget exceeded
  • tailwindcss prod — scan budget exceeded
  • @vitejs/test-dep-no-discovery prod — scan budget exceeded
  • vue prod — scan budget exceeded
  • vuex prod — scan budget exceeded
  • clipboard prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
  • @vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
  • @vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
  • @vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-css-require prod — scan budget exceeded
  • @vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
  • @vitejs/test-dep-incompatible prod — scan budget exceeded
  • @vitejs/test-dep-linked prod — scan budget exceeded
  • @vitejs/test-dep-linked-include prod — scan budget exceeded
  • @vitejs/test-dep-node-env prod — scan budget exceeded
  • @vitejs/test-dep-not-js prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-relative-to-main prod — scan budget exceeded
  • @vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
  • @vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
  • @vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
  • @vitejs/test-dep-non-optimized prod — scan budget exceeded
  • @vitejs/test-added-in-entries prod — scan budget exceeded
  • @vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
  • @vitejs/test-dep-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-lodash prod — scan budget exceeded
  • @vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
  • @vitejs/test-dep-lodash-es prod — scan budget exceeded
  • @vitejs/test-nested-exclude prod — scan budget exceeded
  • phoenix prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • @vitejs/test-resolve-linked prod — scan budget exceeded
  • @vitejs/test-alias-original prod — scan budget exceeded
  • aliased-module prod — scan budget exceeded
  • @vue/shared prod — scan budget exceeded
  • @vitejs/test-dep-that-imports prod — scan budget exceeded
  • @vitejs/test-dep-that-requires prod — scan budget exceeded
  • @vitejs/test-commonjs-dep prod — scan budget exceeded
  • @vitejs/test-deep-import prod — scan budget exceeded
  • @vitejs/test-entries prod — scan budget exceeded
  • @vitejs/test-module-sync prod — scan budget exceeded
  • @vitejs/test-resolve-pkg-exports prod — scan budget exceeded
  • @tailwindcss/postcss prod — scan budget exceeded
  • @vitejs/test-external-cjs prod — scan budget exceeded
  • @vitejs/test-require-external-cjs prod — scan budget exceeded
  • @vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-external prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
  • autoprefixer prod — scan budget exceeded
  • @babel/runtime prod — scan budget exceeded
  • normalize.css prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field prod — scan budget exceeded
  • @vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded
  • @vitejs/test-resolve-custom-condition prod — scan budget exceeded

Development

  • @eslint/js dev — scan budget exceeded
  • @type-challenges/utils dev — scan budget exceeded
  • @types/babel__core dev — scan budget exceeded
  • @types/babel__preset-env dev — scan budget exceeded
  • @types/convert-source-map dev — scan budget exceeded
  • @types/cross-spawn dev — scan budget exceeded
  • @types/etag dev — scan budget exceeded
  • @types/less dev — scan budget exceeded
  • @types/node dev — scan budget exceeded
  • @types/picomatch dev — scan budget exceeded
  • @types/stylus dev — scan budget exceeded
  • @types/ws dev — scan budget exceeded
  • @vitejs/release-scripts dev — scan budget exceeded
  • eslint dev — scan budget exceeded
  • eslint-plugin-import-x dev — scan budget exceeded
  • eslint-plugin-n dev — scan budget exceeded
  • eslint-plugin-regexp dev — scan budget exceeded
  • execa dev — scan budget exceeded
  • globals dev — scan budget exceeded
  • lint-staged dev — scan budget exceeded
  • oxfmt dev — scan budget exceeded
  • picocolors dev — scan budget exceeded
  • playwright-chromium dev — scan budget exceeded
  • rolldown dev — scan budget exceeded
  • rollup dev — scan budget exceeded
  • simple-git-hooks dev — scan budget exceeded
  • tsx dev — scan budget exceeded
  • typescript dev — scan budget exceeded
  • typescript-eslint dev — scan budget exceeded
  • vite dev — scan budget exceeded
  • vitest dev — scan budget exceeded
  • @clack/prompts dev — scan budget exceeded
  • @vercel/detect-agent dev — scan budget exceeded
  • cross-spawn dev — scan budget exceeded
  • mri dev — scan budget exceeded
  • tsdown dev — scan budget exceeded
  • unrun dev — scan budget exceeded
  • @babel/parser dev — scan budget exceeded
  • @jridgewell/remapping dev — scan budget exceeded
  • @jridgewell/trace-mapping dev — scan budget exceeded
  • @polka/compression dev — scan budget exceeded
  • @rollup/plugin-alias dev — scan budget exceeded
  • @rollup/plugin-dynamic-import-vars dev — scan budget exceeded
  • @rollup/pluginutils dev — scan budget exceeded
  • @types/escape-html dev — scan budget exceeded
  • @types/pnpapi dev — scan budget exceeded
  • @vitejs/devtools dev — scan budget exceeded
  • @vitest/utils dev — scan budget exceeded
  • @voidzero-dev/vite-task-client dev — scan budget exceeded
  • artichokie dev — scan budget exceeded
  • baseline-browser-mapping dev — scan budget exceeded
  • cac dev — scan budget exceeded
  • chokidar dev — scan budget exceeded
  • connect dev — scan budget exceeded
  • convert-source-map dev — scan budget exceeded
  • cors dev — scan budget exceeded
  • dotenv-expand dev — scan budget exceeded
  • es-module-lexer dev — scan budget exceeded
  • esbuild dev — scan budget exceeded
  • escape-html dev — scan budget exceeded
  • estree-walker dev — scan budget exceeded
  • etag dev — scan budget exceeded
  • fresh-import dev — scan budget exceeded
  • host-validation-middleware dev — scan budget exceeded
  • http-proxy-3 dev — scan budget exceeded
  • launch-editor-middleware dev — scan budget exceeded
  • magic-string dev — scan budget exceeded
  • mlly dev — scan budget exceeded
  • mrmime dev — scan budget exceeded
  • nanoid dev — scan budget exceeded
  • obug dev — scan budget exceeded
  • open dev — scan budget exceeded
  • parse5 dev — scan budget exceeded
  • pathe dev — scan budget exceeded
  • periscopic dev — scan budget exceeded
  • postcss-import dev — scan budget exceeded
  • postcss-load-config dev — scan budget exceeded
  • postcss-modules dev — scan budget exceeded
  • premove dev — scan budget exceeded
  • resolve.exports dev — scan budget exceeded
  • rolldown-plugin-dts dev — scan budget exceeded
  • rollup-plugin-license dev — scan budget exceeded
  • sass dev — scan budget exceeded
  • sass-embedded dev — scan budget exceeded
  • sirv dev — scan budget exceeded
  • strip-literal dev — scan budget exceeded
  • terser dev — scan budget exceeded
  • ufo dev — scan budget exceeded
  • ws dev — scan budget exceeded
  • acorn dev — scan budget exceeded
  • css-color-names dev — scan budget exceeded
  • kill-port dev — scan budget exceeded
  • url dev — scan budget exceeded
  • express dev — scan budget exceeded
  • less dev — scan budget exceeded
  • slash3 dev — scan budget exceeded
  • slash5 dev — scan budget exceeded
  • vue34 dev — scan budget exceeded
  • pug dev — scan budget exceeded
  • @types/react dev — scan budget exceeded
  • @types/react-dom dev — scan budget exceeded
  • react-fake-client dev — scan budget exceeded
  • react-fake-server dev — scan budget exceeded
  • @vitejs/test-css-dep dev — scan budget exceeded
  • @vitejs/test-css-dep-exports dev — scan budget exceeded
  • @vitejs/test-css-js-dep dev — scan budget exceeded
  • @vitejs/test-css-proxy-dep dev — scan budget exceeded
  • @vitejs/test-scss-proxy-dep dev — scan budget exceeded
  • postcss-nested dev — scan budget exceeded
  • stylus dev — scan budget exceeded
  • sugarss dev — scan budget exceeded
  • @vitejs/test-json-require dev — scan budget exceeded
  • @vitejs/test-json-module dev — scan budget exceeded