Close Open Privacy Scan

link https://github.com/jestjs/jest
bolt Snapshot: commit f49721c
science engine v1
schedule 2026-06-25T19:12:36.612338+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

Incomplete scan — only 83/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

62 /100
Medium privacy risk

Medium risk · 747 finding(s)

Dependency score: 37 (High risk)

bar_chart Score Breakdown

telemetry −20
egress −15
env_fs −3

list Scan Summary

1 high 5 medium 741 low
First-party packages: 27
Dependency packages: 31
Ecosystem: npm

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (4)
high @babel/register dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/lib/worker/index.js:86 pkgs/npm/@[email protected]/lib/worker/index.js:175
medium @babel/register dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/lib/worker/index.js:86 pkgs/npm/@[email protected]/lib/worker/index.js:95
medium @babel/register dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/lib/worker/index.js:86 pkgs/npm/@[email protected]/lib/worker/index.js:105
medium @babel/register dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/lib/worker/index.js:86 pkgs/npm/@[email protected]/lib/worker/index.js:112

</> First-Party Code

first-party (npm)

npm first-party
medium telemetry production #3f315e3efbb92b4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/jest-jasmine2/src/jasmine/createSpy.ts:56 
    callTracker.track(callData);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 297 low-confidence finding(s)
low env_fs production #df6b6a609743f169 Filesystem access.
repo/e2e/Utils.ts:62 
    fs.writeFileSync(lockfilePath, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b575823784072159 Filesystem access.
repo/e2e/Utils.ts:75 
        fs.readFileSync(lockfilePath, 'utf8').trim().length > 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6c997c5c76cf10d1 Filesystem access.
repo/e2e/Utils.ts:142 
    fs.writeFileSync(
      path.resolve(directory, ...fileOrPath.split('/')),
      format(files[fileOrPath]),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6646f3a1f7f29de4 Filesystem access.
repo/e2e/Utils.ts:194 
    fs.writeFileSync(dest, fs.readFileSync(src));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6646f3a1f7f29de4 Filesystem access.
repo/e2e/Utils.ts:194 
    fs.writeFileSync(dest, fs.readFileSync(src));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1d3c6cf3970dd425 Filesystem access.
repo/e2e/Utils.ts:253 
  fs.writeFileSync(
    path.resolve(directory, 'package.json'),
    JSON.stringify(packageJsonWithDefaults, null, 2),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #926ed160743d211d Filesystem access.
repo/e2e/__tests__/coverageHandlebars.test.ts:28 
  const coverageMap = JSON.parse(readFileSync(coverageMapFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #62379f7351fb64f5 Filesystem access.
repo/e2e/__tests__/coverageRemapping.test.ts:27 
  const coverageMap = JSON.parse(readFileSync(coverageMapFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2fcd27f427352fbf Filesystem access.
repo/e2e/__tests__/coverageTransformInstrumented.test.ts:27 
  const coverageMap = JSON.parse(readFileSync(coverageMapFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e8aa629979c74006 Filesystem access.
repo/e2e/__tests__/globalSetup.test.ts:65 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #63ed032e6fc8762b Filesystem access.
repo/e2e/__tests__/globalTeardown.test.ts:49 
  const teardown = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #8334ff46f1c1c89c Filesystem access.
repo/e2e/__tests__/jsonReporter.test.ts:29 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c81a60348e1ed1cd Filesystem access.
repo/e2e/__tests__/listTests.test.ts:62 
      const outputFileContent = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a46d1af3878cfb7b Filesystem access.
repo/e2e/__tests__/listTests.test.ts:84 
      const outputFileContent = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #13395584cc81a25e Filesystem access.
repo/e2e/__tests__/onlyFailuresNonWatch.test.ts:74 
    fs.writeFileSync(path.join(DIR, '__tests__/a.js'), data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4f465e890560d168 Filesystem access.
repo/e2e/__tests__/runnerOptions.test.ts:26 
    const receivedOptions = JSON.parse(fs.readFileSync(optionsFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5156b9cad5d4776e Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:28 
const originalTestContent = fs.readFileSync(originalTestPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5522f66acc3fbc67 Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:56 
const initialTestData = fs.readFileSync(snapshotEscapeTestFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #46cdf0fd060cb074 Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:67 
  eval(fs.readFileSync(snapshotOfCopy, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #fdb6f3394cc60a79 Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:93 
    fs.writeFileSync(snapshotEscapeTestFile, initialTestData, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ed33843ff85e0c8b Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:138 
    fs.writeFileSync(snapshotEscapeTestFile, newTestData, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a4ce3cbac784aaa7 Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:222 
      fs.writeFileSync(copyOfTestPath, originalTestContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #000ac3f0f3cdb338 Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:278 
      fs.writeFileSync(copyOfTestPath, emptyTest);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a932d69e06f4b660 Filesystem access.
repo/e2e/__tests__/snapshot.test.ts:299 
      fs.writeFileSync(
        copyOfTestPath,
        originalTestContent.replace(
          '.toMatchSnapshot()',
          '.not.toBe(undefined)',
        ),
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c518605441ad15e2 Filesystem access.
repo/e2e/__tests__/testEnvironmentAsync.test.ts:32 
  const teardown = fs.readFileSync(`${DIR}/teardown`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e891496b02210c24 Filesystem access.
repo/e2e/__tests__/testFailingSnapshot.test.js:52 
    const snapshot = fs
      .readFileSync(
        path.resolve(dir, './__tests__/__snapshots__/snapshot.test.js.snap'),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e81f951cf0bd0076 Filesystem access.
repo/e2e/__tests__/testFailingSnapshot.test.js:59 
    const inlineSnapshot = fs
      .readFileSync(path.resolve(dir, './__tests__/inlineSnapshot.test.js'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4a6576094ea3c019 Filesystem access.
repo/e2e/__tests__/testRetries.test.ts:98 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #b42656f73d0ce4ad Filesystem access.
repo/e2e/__tests__/testRetries.test.ts:129 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #f73cc3601433dd8f Filesystem access.
repo/e2e/__tests__/testRetries.test.ts:160 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d9a2894b3231a056 Filesystem access.
repo/e2e/__tests__/testRetries.test.ts:240 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7bb44ea50b3b5df7 Filesystem access.
repo/e2e/__tests__/testRetries.test.ts:272 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7f87465b1a311ea2 Filesystem access.
repo/e2e/__tests__/testRetries.test.ts:303 
    const testOutput = fs.readFileSync(outputFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #acc0ef2d26115bd5 Environment-variable access.
repo/e2e/__tests__/timeouts.test.ts:34 
    process.env.JEST_JASMINE === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7b692113f1f1d27d Environment-variable access.
repo/e2e/__tests__/timeouts.test.ts:85 
    process.env.JEST_JASMINE === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4e8a74081641d20a Environment-variable access.
repo/e2e/__tests__/timeouts.test.ts:133 
    process.env.JEST_JASMINE === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #218a0e419f5aced3 Environment-variable access.
repo/e2e/__tests__/timeouts.test.ts:176 
    process.env.JEST_JASMINE === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7e7a7a1c27ec9c03 Filesystem access.
repo/e2e/__tests__/toMatchInlineSnapshot.test.ts:17 
  fs.readFileSync(path.join(TESTS_DIR, filename), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #60dd2471ec8e5f31 Filesystem access.
repo/e2e/__tests__/toMatchInlineSnapshotCrlf.test.ts:19 
  fs.readFileSync(path.join(TESTS_DIR, filename), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4666862255e81248 Filesystem access.
repo/e2e/__tests__/toMatchSnapshotWithStringSerializer.test.ts:20 
  fs.readFileSync(path.join(TESTS_DIR, filename), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #05a5507dc172ce3b Filesystem access.
repo/e2e/__tests__/toThrowErrorMatchingInlineSnapshot.test.ts:20 
  fs.readFileSync(path.join(TESTS_DIR, filename), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #b692331acb217b93 Filesystem access.
repo/e2e/__tests__/toThrowErrorMatchingSnapshot.test.ts:97 
    const snapshot = fs.readFileSync(
      `${TESTS_DIR}/__snapshots__/${filename}.snap`,
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #504d143f9a9cc04a Filesystem access.
repo/e2e/__tests__/watchModeNoAccess.test.ts:84 
  fs.writeFileSync(modulePath, 'module.exports = 1;', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4b60432182362c4e Filesystem access.
repo/e2e/global-setup-custom-transform/__tests__/test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4b60432182362c4e Filesystem access.
repo/e2e/global-setup-custom-transform/__tests__/test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d39a1b002e4c7811 Filesystem access.
repo/e2e/global-setup-custom-transform/__tests__/test.js:19 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #5f5d2faef2343730 Filesystem access.
repo/e2e/global-setup-custom-transform/setup.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'setup');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bfcbc034ee98f6a7 Filesystem access.
repo/e2e/global-setup-esm/__tests__/test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #fca5d770ca6401d7 Filesystem access.
repo/e2e/global-setup-esm/setup.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'setup');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #481270c45aba4a48 Filesystem access.
repo/e2e/global-setup-node-modules/__tests__/test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #481270c45aba4a48 Filesystem access.
repo/e2e/global-setup-node-modules/__tests__/test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #38aeb823972c3a30 Filesystem access.
repo/e2e/global-setup-node-modules/__tests__/test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #bc2fe9bc96b5ae35 Filesystem access.
repo/e2e/global-setup-node-modules/setup.js:20 
    fs.writeFileSync(path.join(DIR, fileId), `hello ${example()}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #03dcba22b6afd974 Filesystem access.
repo/e2e/global-setup/__tests__/setup1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #03dcba22b6afd974 Filesystem access.
repo/e2e/global-setup/__tests__/setup1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #57af2d25080b41e5 Filesystem access.
repo/e2e/global-setup/__tests__/setup1.test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c892f5c188713783 Filesystem access.
repo/e2e/global-setup/__tests__/setup2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c892f5c188713783 Filesystem access.
repo/e2e/global-setup/__tests__/setup2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #07d8fb7d326c7319 Filesystem access.
repo/e2e/global-setup/__tests__/setup2.test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #86f447861c1e4167 Filesystem access.
repo/e2e/global-setup/__tests__/setup3.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #86f447861c1e4167 Filesystem access.
repo/e2e/global-setup/__tests__/setup3.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ad5dbea5780f6aee Filesystem access.
repo/e2e/global-setup/__tests__/setup3.test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #158b57d866898881 Filesystem access.
repo/e2e/global-setup/project-1/setup.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'setup');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #adb11afe1bffacbe Filesystem access.
repo/e2e/global-setup/project-1/setup1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #adb11afe1bffacbe Filesystem access.
repo/e2e/global-setup/project-1/setup1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #a5c9f7dc2d217a49 Filesystem access.
repo/e2e/global-setup/project-1/setup1.test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #ed536d38c437d16f Filesystem access.
repo/e2e/global-setup/project-2/setup.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'setup');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #a31ee0588b752cc4 Filesystem access.
repo/e2e/global-setup/project-2/setup2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #a31ee0588b752cc4 Filesystem access.
repo/e2e/global-setup/project-2/setup2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #5f637200c9c502c3 Filesystem access.
repo/e2e/global-setup/project-2/setup2.test.js:18 
  const setup = fs.readFileSync(path.join(DIR, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #0d15f53cc85c9acd Filesystem access.
repo/e2e/global-setup/setup.js:8 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #0d15f53cc85c9acd Filesystem access.
repo/e2e/global-setup/setup.js:8 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #51828572880ab9ae Filesystem access.
repo/e2e/global-setup/setup.js:20 
    fs.writeFileSync(path.join(DIR, fileId), 'setup');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #d52a14b402721444 Filesystem access.
repo/e2e/global-teardown-esm/teardown.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'teardown');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #6ca82da2b519414c Filesystem access.
repo/e2e/global-teardown/__tests__/teardown1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #6ca82da2b519414c Filesystem access.
repo/e2e/global-teardown/__tests__/teardown1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9d4c945ca6907275 Filesystem access.
repo/e2e/global-teardown/__tests__/teardown2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9d4c945ca6907275 Filesystem access.
repo/e2e/global-teardown/__tests__/teardown2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e5fda09b4885b60a Filesystem access.
repo/e2e/global-teardown/__tests__/teardown3.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e5fda09b4885b60a Filesystem access.
repo/e2e/global-teardown/__tests__/teardown3.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #068f3ef71075d17f Filesystem access.
repo/e2e/global-teardown/project-1/teardown.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'teardown');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #243fd051080fed2f Filesystem access.
repo/e2e/global-teardown/project-1/teardown1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #243fd051080fed2f Filesystem access.
repo/e2e/global-teardown/project-1/teardown1.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #cf09ac6f8628af97 Filesystem access.
repo/e2e/global-teardown/project-2/teardown.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'teardown');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #99efcb27ee5e02c8 Filesystem access.
repo/e2e/global-teardown/project-2/teardown2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #99efcb27ee5e02c8 Filesystem access.
repo/e2e/global-teardown/project-2/teardown2.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #4ee52608d636f884 Filesystem access.
repo/e2e/global-teardown/teardown.js:19 
    fs.writeFileSync(path.join(DIR, fileId), 'teardown');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #505477082b80f3f0 Filesystem access.
repo/e2e/native-esm/__tests__/native-esm-wasm.test.js:14 
const wasmFileBuffer = readFileSync('add.wasm');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #fa89ce8ddb132188 Filesystem access.
repo/e2e/native-esm/__tests__/native-esm.test.js:11 
import {readFileSync} from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #24d4a6f1e6194b23 Filesystem access.
repo/e2e/native-esm/__tests__/native-esm.test.js:80 
  expect(JSON.parse(readFileSync(packageJsonPath, 'utf8'))).toEqual({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2d960c6f78cdba0c Filesystem access.
repo/e2e/node-url-manual-mocks/__tests__/mockOnly.test.js:7 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2d960c6f78cdba0c Filesystem access.
repo/e2e/node-url-manual-mocks/__tests__/mockOnly.test.js:7 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #5702450f2a624c30 Filesystem access.
repo/e2e/runner-options/runner.js:18 
    fs.writeFileSync(
      path.join(__dirname, 'runner-options-received.json'),
      JSON.stringify(options || null),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #dfdccb119e38b5c0 Filesystem access.
repo/e2e/runtime-internal-module-registry/__tests__/runtimeInternalModuleRegistry.test.js:14 
    const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #dfdccb119e38b5c0 Filesystem access.
repo/e2e/runtime-internal-module-registry/__tests__/runtimeInternalModuleRegistry.test.js:14 
    const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #624e029907b16240 Filesystem access.
repo/e2e/snapshot-mock-fs/__tests__/snapshot.test.js:10 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #624e029907b16240 Filesystem access.
repo/e2e/snapshot-mock-fs/__tests__/snapshot.test.js:10 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #e76a868968d92320 Filesystem access.
repo/e2e/test-environment-async/TestEnvironment.js:33 
      fs.writeFileSync(`${DIR}/teardown`, 'teardown');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #1f3463c37fa291d4 Filesystem access.
repo/e2e/test-retries/__tests__/e2e.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #1f3463c37fa291d4 Filesystem access.
repo/e2e/test-retries/__tests__/e2e.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a4737003fef9b2e2 Filesystem access.
repo/e2e/test-retries/__tests__/e2e.test.js:15 
  fs.writeFileSync(countPath, '0', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #82ed6df6153a62a3 Filesystem access.
repo/e2e/test-retries/__tests__/e2e.test.js:21 
  const tries = Number.parseInt(fs.readFileSync(countPath, 'utf8'), 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c4d98a421c9b7990 Filesystem access.
repo/e2e/test-retries/__tests__/e2e.test.js:22 
  fs.writeFileSync(countPath, `${tries + 1}`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #09ac89b890ed6b91 Filesystem access.
repo/e2e/test-retries/__tests__/e2eConcurrent.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #09ac89b890ed6b91 Filesystem access.
repo/e2e/test-retries/__tests__/e2eConcurrent.test.js:9 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #82a3acc8055621bd Filesystem access.
repo/e2e/test-retries/__tests__/e2eConcurrent.test.js:15 
  fs.writeFileSync(countPath, '0', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #19d4f916ffc6f1b5 Filesystem access.
repo/e2e/test-retries/__tests__/e2eConcurrent.test.js:21 
  const tries = Number.parseInt(fs.readFileSync(countPath, 'utf8'), 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a7a94c817fdd6a00 Filesystem access.
repo/e2e/test-retries/__tests__/e2eConcurrent.test.js:22 
  fs.writeFileSync(countPath, `${tries + 1}`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #47aa2712dae8072d Filesystem access.
repo/e2e/test-retries/reporters/RetryReporter.js:23 
      fs.writeFileSync(this._options.output, JSON.stringify(results, null, 2), {
        encoding: 'utf8',
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9a15ac97fd8c18a8 Filesystem access.
repo/e2e/vmscript-coverage/__tests__/extract-coverage.test.js:8 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9a15ac97fd8c18a8 Filesystem access.
repo/e2e/vmscript-coverage/__tests__/extract-coverage.test.js:8 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #54e4b0a9fc0925da Filesystem access.
repo/e2e/vmscript-coverage/__tests__/extract-coverage.test.js:14 
  const content = fs.readFileSync(filePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #eb17f1351833cb74 Filesystem access.
repo/examples/manual-mocks/__tests__/file_summarizer.test.js:15 
    require('fs').__setMockFiles(MOCK_FILE_INFO);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #9c6f0449f575cfe2 Environment-variable access.
repo/examples/manual-mocks/utils.js:2 
  return process.env.HOSTNAME === 'localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #7c69eacf12e565b2 Environment-variable access.
repo/examples/typescript/utils.ts:4 
  return process.env.HOSTNAME === 'localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #dd8f90e191efb90d Environment-variable access.
repo/jest.config.mjs:42 
    globalsCleanup: process.env.GLOBALS_CLEANUP ?? 'on',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7bf9c34b4467ada8 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:27 
const nodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #fc2c14c5f6e6c9d6 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:28 
const babelEnv = process.env.BABEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #15c6a625d8a41253 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:38 
  if (process.env.NODE_ENV === 'NEW_NODE_ENV') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5d24316a07e9bb4e Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:39 
    process.env.NODE_ENV = nodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #064e6763c2cd329a Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:42 
  if (process.env.BABEL_ENV === 'NEW_BABEL_ENV') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #01db21c3ee703861 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:43 
    process.env.BABEL_ENV = babelEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d84f05a4f870b7e2 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:217 
      process.env.NODE_ENV = 'NEW_NODE_ENV';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #8ca879c27eb33947 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:229 
      process.env.BABEL_ENV = 'NEW_BABEL_ENV';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1d3feec656bfe71b Filesystem access.
repo/packages/babel-jest/src/index.ts:33 
const THIS_FILE = fs.readFileSync(__filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #885a0ddb79241fcb Environment-variable access.
repo/packages/babel-jest/src/index.ts:108 
    .update(process.env.NODE_ENV ?? '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #80bd34b3aa0732b4 Environment-variable access.
repo/packages/babel-jest/src/index.ts:110 
    .update(process.env.BABEL_ENV ?? '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #dc2712bc058d2d5c Filesystem access.
repo/packages/create-jest/src/runCreate.ts:65 
      fs.readFileSync(projectPackageJsonPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #8062900af369c52e Filesystem access.
repo/packages/create-jest/src/runCreate.ts:143 
    fs.writeFileSync(projectPackageJsonPath, modifiedPackageJson);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #5207fb23166423a0 Filesystem access.
repo/packages/create-jest/src/runCreate.ts:155 
  fs.writeFileSync(jestConfigPath, generatedConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low egress test-only #e83312d527bba9a0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:807 
    const a = new URL('https://jestjs.io/');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low egress test-only #f6e25ad8287a44fe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:808 
    const b = new URL('https://jestjs.io/');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low egress test-only #6b9891a6124a2795 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:813 
    const a = new URL('https://jestjs.io/docs/getting-started');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low egress test-only #fcb7806ca25b893e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:814 
    const b = new URL('https://jestjs.io/docs/getting-started#using-babel');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low env_fs production #3a258940610c947c Filesystem access.
repo/packages/jest-circus/src/__mocks__/testUtils.ts:51 
  fs.writeFileSync(tmpFilename, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #4e399cb906a0eef5 Environment-variable access.
repo/packages/jest-cli/bin/jest.js:12 
  if (process.env.NODE_ENV == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #7e16cf2d94c27399 Environment-variable access.
repo/packages/jest-cli/bin/jest.js:13 
    process.env.NODE_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #bb0df31280b85c64 Filesystem access.
repo/packages/jest-config/src/readConfigFileAndSetRootDir.ts:90 
      const fileContent = fs.readFileSync(configPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6cc85e79065ebc45 Filesystem access.
repo/packages/jest-config/src/readConfigFileAndSetRootDir.ts:146 
  const docblockPragmas = parse(extract(fs.readFileSync(configPath, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #df966ebce7617873 Filesystem access.
repo/packages/jest-config/src/resolveConfigPath.ts:143 
    const content = fs.readFileSync(packagePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6a407d71f4d0f8dc Environment-variable access.
repo/packages/jest-core/src/TestScheduler.ts:67 
    key => key in process.env && process.env[key] !== '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2de36b0562be0e07 Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:100 
      savedAgentEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #12566266305411f7 Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:101 
      delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d71a8576a6e665fb Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:109 
        delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ab73beed7784d6ea Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:111 
        process.env[key] = savedAgentEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #78e73c91f17e905b Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:132 
    process.env.AI_AGENT = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #716fc5f96eac1a54 Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:144 
      delete process.env.AI_AGENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #edc83be2c7a3464c Filesystem access.
repo/packages/jest-core/src/__tests__/watchFileChanges.test.ts:55 
    fs.writeFileSync(
      fileTargetPath2,
      `
        require('./lost-file.js');
        describe('Fake test', () => {
            it('Hey', () => {

            });
        });
      `,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bc0049a0736ab74f Filesystem access.
repo/packages/jest-core/src/__tests__/watchFileChanges.test.ts:125 
    fs.writeFileSync(
      fileTargetPath,
      `
        describe('Fake group', () => {
            it('Fake 1', () => {});
            it('Fake 2', () => {});
            it('Fake 3', () => {});
        });
      `,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #a473474812ef9099 Filesystem access.
repo/packages/jest-core/src/runJest.ts:142 
      fs.writeFileSync(filePath, `${jsonString}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b26cfbdf358d09b9 Filesystem access.
repo/packages/jest-core/src/runJest.ts:261 
      fs.writeFileSync(outputFile, testsListOutput, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #f23aea112fc70cb6 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:14 
  NODE_ENV = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #65ec76e0913928b6 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:15 
  process.env.NODE_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7b430cc94af7c348 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:16 
  BABEL_ENV = process.env.BABEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e5e40c24a3f75380 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:17 
  process.env.BABEL_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ce2446a429bb114a Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:24 
  process.env.NODE_ENV = NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e51ac536f20cf029 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:25 
  process.env.BABEL_ENV = BABEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #d8dafa142adc5ad2 Filesystem access.
repo/packages/jest-create-cache-key-function/src/index.ts:54 
    ...files.map((file: string) => readFileSync(file)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #36456abe0631794f Environment-variable access.
repo/packages/jest-haste-map/src/index.ts:394 
          (process.env.NODE_ENV === 'test' && hasteMap) || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1f3f0a719bacbb42 Filesystem access.
repo/packages/jest-haste-map/src/lib/CacheManager.ts:26 
      return deserialize(readFileSync(this._cachePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #4f099a0bc6c742bb Filesystem access.
repo/packages/jest-haste-map/src/lib/CacheManager.ts:33 
    writeFileSync(this._cachePath, serialize(hasteMap));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bc0174e5a07a86ce Filesystem access.
repo/packages/jest-haste-map/src/lib/__tests__/walk.test.ts:24 
  fs.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #077f9a784b04a719 Filesystem access.
repo/packages/jest-haste-map/src/worker.ts:43 
      content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #609e217e70844e93 Filesystem access.
repo/packages/jest-haste-map/src/worker.ts:93 
    sha1 = sha1hex(content || fs.readFileSync(filePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1fdb155ddd2460f5 Filesystem access.
repo/packages/jest-haste-map/src/worker.ts:101 
    ? sha1hex(fs.readFileSync(data.filePath))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #e4e53a796b7d8999 Filesystem access.
repo/packages/jest-message-util/src/index.ts:363 
          fileContent = fs.readFileSync(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #d044bcdfb01e5d7b Filesystem access.
repo/packages/jest-reporters/src/CoverageReporter.ts:480 
              fs.readFileSync(fileTransform.sourceMapPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #dd34a0e10a4a0713 Filesystem access.
repo/packages/jest-reporters/src/CoverageReporter.ts:495 
              : {source: fs.readFileSync(res.url, 'utf8')},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #290a3ba2498c7e2a Filesystem access.
repo/packages/jest-reporters/src/CoverageWorker.ts:51 
    fs.readFileSync(path, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #304fb8fc20f6973d Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:31 
  process.env.npm_lifecycle_event = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4007af70dc089f95 Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:32 
  process.env.npm_lifecycle_script = 'jest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #0f5b0f09c7af9f18 Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:61 
  process.env.npm_config_user_agent = 'npm';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #18e91f4372ecbf91 Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:86 
  process.env.npm_config_user_agent = 'yarn';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #3c3349bfb3005f6e Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:108 
    const nodePaths = process.env.NODE_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5fc3b9232c595561 Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:109 
      ? process.env.NODE_PATH.split(path.delimiter)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #1b81c88d760b35ba Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:404 
    const nodePaths = process.env.NODE_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c6a9072ce54bfcfe Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:405 
      ? process.env.NODE_PATH.split(path.delimiter)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #9f0d7c32014b6ae0 Filesystem access.
repo/packages/jest-resolve/src/fileWalkers.ts:94 
  result = JSON.parse(fs.readFileSync(path, 'utf8')) as PackageJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e64aefe1b64e1ed4 Environment-variable access.
repo/packages/jest-runner/src/__tests__/testRunner.test.ts:76 
  expect(process.env.JEST_WORKER_ID).toBe('1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #878fd9a8ed094896 Environment-variable access.
repo/packages/jest-runner/src/index.ts:64 
    process.env.JEST_WORKER_ID = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #069bc10a9be33dd3 Filesystem access.
repo/packages/jest-runner/src/runTest.ts:87 
  const testSource = fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #2bc745f0069c156f Environment-variable access.
repo/packages/jest-runner/src/runTest.ts:117 
      process.env.JEST_JASMINE === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #00f3b17a151fd33d Filesystem access.
repo/packages/jest-runner/src/runTest.ts:255 
            map: JSON.parse(fs.readFileSync(sourceMapSource, 'utf8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #f462764bcc2463fc Environment-variable access.
repo/packages/jest-runtime/src/__tests__/runtime_node_path.test.js:22 
      process.env.NODE_PATH = nodePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a24778bab5f0231a Filesystem access.
repo/packages/jest-runtime/src/__tests__/runtime_require_resolve.test.ts:40 
    await fs.writeFile(
      absoluteFilePath,
      'module.exports = require.resolve(__filename);',
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cd7160e217b25b71 Filesystem access.
repo/packages/jest-runtime/src/__tests__/runtime_require_resolve.test.ts:64 
    await fs.writeFile(
      entrypoint,
      `module.exports = require.resolve(${JSON.stringify(
        target,
      )}, {paths: []});`,
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #8bff29e70290a0e8 Filesystem access.
repo/packages/jest-runtime/src/__tests__/runtime_require_resolve.test.ts:72 
    await fs.writeFile(target, 'module.exports = {}', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #e96fed9da445ffa1 Filesystem access.
repo/packages/jest-runtime/src/internals/CjsExportsCache.ts:71 
      this.fileCache.readFile(modulePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f0eda91b4a5cb8cc Filesystem access.
repo/packages/jest-runtime/src/internals/FileCache.ts:30 
      source = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b72bb4363eedbc0c Filesystem access.
repo/packages/jest-runtime/src/internals/TransformCache.ts:45 
    const source = this.fileCache.readFile(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f7e216f4c914a809 Filesystem access.
repo/packages/jest-runtime/src/internals/TransformCache.ts:64 
    const source = this.fileCache.readFile(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #319b18dec6d5c48b Filesystem access.
repo/packages/jest-runtime/src/internals/TransformCache.ts:93 
    const source = stripBOM(this.fileCache.readFile(filename));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4d88ce113866887c Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:39 
    expect(cache.readFile('/a.js')).toBe('hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e6ced6e5b90fecd2 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:40 
    expect(cache.readFile('/a.js')).toBe('hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9947566d4de94134 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:48 
    expect(cache.readFile('/a.js')).toBe('pre-populated');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9747e46af8fa3d88 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:57 
    cache.readFile('/a.js');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ca57c376fa78a3f0 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:66 
    cache.readFile('/a.js');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4b7e3b7d27705b38 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:74 
    cache.readFile('/a.js');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b4c9b5916f249928 Filesystem access.
repo/packages/jest-snapshot-utils/src/utils.ts:146 
      snapshotContents = fs.readFileSync(snapshotPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #bd96f163a41b29de Filesystem access.
repo/packages/jest-snapshot-utils/src/utils.ts:196 
  fs.writeFileSync(
    snapshotPath,
    `${writeSnapshotVersion()}\n\n${snapshots.join('\n\n')}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #44c15406d4878e2a Filesystem access.
repo/packages/jest-snapshot/src/InlineSnapshots.ts:101 
      fs.writeFileSync(sourceFilePath, newSourceFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ca049218ce0a55bd Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:48 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #db7bd9914e05cd1a Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:61 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4b06b5361384df63 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:68 
  fs.writeFileSync(
    filename,
    `${`
const a = [1,            2];
expect(a).toMatchInlineSnapshot(\`an out-of-date and also multi-line
snapshot\`);
expect(a).toMatchInlineSnapshot();
expect(a).toMatchInlineSnapshot(\`[1, 2]\`);
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d6fd4d7ba88f65a5 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:88 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #3bcbea4c88c98793 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:99 
  fs.writeFileSync(
    filename,
    `${`
const a = [1,            2];
expect(a).toMatchInlineSnapshot(\`an out-of-date and also multi-line
snapshot\`);
expect(a).toMatchInlineSnapshot();
expect(a).toMatchInlineSnapshot(\`[1, 2]\`);
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d2f46f69cda86c5a Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:119 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #f38d82bec53f19a8 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:132 
    fs.writeFileSync(
      filename,
      `${`
interface Foo {
  foo: string
}
const a: [Foo, Foo] = [{ foo: 'one' },            { foo: 'two' }];
expect(a).toMatchInlineSnapshot();
`.trim()}\n`,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #fd66d1ba3fce9060 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:154 
    expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #3c1b21f795168afe Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:168 
  fs.writeFileSync(
    filename,
    `${`
it('foos', async () => {
  const Foo = (props: { foo: string }) => <div>{props.foo}</div>;
  const a = await Foo({ foo: "hello" });
  expect(a).toMatchInlineSnapshot();
})
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #27dc3b4257c17650 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:190 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2ea048b483526ba8 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:203 
  fs.writeFileSync(
    filename,
    `${`
const Foo = (props: { foo: string }) => <div>{props.foo}</div>;
const a = Foo({ foo: "hello" });
expect(a).toMatchInlineSnapshot();
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #79d809a7ce7ef620 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:211 
  fs.writeFileSync(
    path.join(dir, '.babelrc'),
    JSON.stringify({
      presets: [
        require.resolve('@babel/preset-flow'),
        require.resolve('@babel/preset-react'),
      ],
    }),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #dba981fc76c151eb Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:232 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e846754e20108f04 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:243 
  fs.writeFileSync(
    filename,
    `${`
const a = [1,            2];
expect(a).toMatchInlineSnapshot(\`an out-of-date and also multi-line
snapshot\`);
expect(a).toMatchInlineSnapshot();
expect(a).toMatchInlineSnapshot(\`[1, 2]\`);
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cc1baf2144b5afde Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:263 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #49207c3f2b409e8d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:276 
    fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot(`2`);\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #619a3c710b510ab1 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:295 
    expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #168174a0814da009 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:303 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot({}, `2`);\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cfe4ba472f3d2dca Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:316 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #28b26b479533cb48 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:325 
    fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot({});\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #82c75c38ff787001 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:338 
    expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #b477433553e35191 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:346 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4259a22430c3388d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:369 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #43858dc33c517e10 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:389 
  fs.writeFileSync(filename, 'expect("`").toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c52d75994163062d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:394 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #90f467de0fdffbee Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:401 
  fs.writeFileSync(filename, "expect({a: 'a'}).toMatchInlineSnapshot();\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #96a3c77a980f99a2 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:418 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5b05ef774bb3c1fe Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:425 
  fs.writeFileSync(
    filename,
    "it('is a test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #aed3b8f8422e7d4d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:447 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7688b588f6688ae2 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:460 
  fs.writeFileSync(
    filename,
    "it('is an error test', () => {\n" +
      '  expect(() => {\n' +
      "    throw new Error(['a', 'b'].join('\\n'));\n" +
      '  }).toThrowErrorMatchingInlineSnapshot(`\n' +
      '    "a\n' +
      '    b"\n' +
      '  `);\n' +
      '});\n' +
      "it('is another test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ed66bd890820e6bf Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:490 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7603546db43a6f1e Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:511 
  fs.writeFileSync(
    filename,
    "it('is a test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n' +
      "it('is a another test', () => {\n" +
      "  expect({b: 'b'}).toMatchInlineSnapshot(`\n" +
      '    Object {\n' +
      "      b: 'b'\n" +
      '    }\n' +
      '  `);\n' +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4e4bb1a90219db20 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:540 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d60cda7343e6ba0e Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:560 
  fs.writeFileSync(
    filename,
    "it('is a test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a07980ace7b82795 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:583 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #70732be64264c8db Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:596 
  fs.writeFileSync(
    filename,
    "it('is a test', () => expect({a: 'a'}).toMatchInlineSnapshot());\n",
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ec66281e15c1ef75 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:616 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c1029f7a51504166 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:628 
  fs.writeFileSync(
    filename,
    "it('is a test', () => expect(`hello\n\nworld`).toMatchInlineSnapshot());\n",
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #dad6debdbf87714f Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:648 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e31acd5e65b6c06d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:660 
  fs.writeFileSync(
    filename,
    "it('is a test', async () => {\n" +
      "  const a = Promise.resolve({a: 'a'});\n" +
      '  await expect(a).resolves.toMatchInlineSnapshot();\n' +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5170bf254f3aa24b Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:683 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #12f17d23d2b00333 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:697 
  fs.writeFileSync(
    filename,
    'const foo = {\n' +
      '  "1": "Some value",\n' +
      '};\n' +
      'test("something", () => {\n' +
      '  expect("a").toMatchInlineSnapshot();\n' +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cee4287464aa2c8e Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:725 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #1b7b713afc67d12d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:737 
  fs.writeFileSync(filename, 'expect("a").toMatchInlineSnapshot("b");\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #0b682caa13fa5ee9 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:750 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #82640efce3c4b470 Filesystem access.
repo/packages/jest-snapshot/src/utils.ts:203 
  const sourceFile = fs.readFileSync(sourceFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6f44f4341c575287 Filesystem access.
repo/packages/jest-source-map/src/getCallsite.ts:60 
      const sourceMap = readFileSync(sourceMapFileName, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #36972186e16c30f4 Filesystem access.
repo/packages/jest-test-sequencer/src/index.ts:75 
            JSON.parse(fs.readFileSync(cachePath, 'utf8')) as Cache,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #ab0ef95153515288 Filesystem access.
repo/packages/jest-test-sequencer/src/index.ts:243 
      fs.writeFileSync(this._getCachePath(context), JSON.stringify(cache));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #a8c99842a809e89e Filesystem access.
repo/packages/jest-transform/src/ScriptTransformer.ts:611 
      fileContent = fs.readFileSync(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #e80adbaa4e05feaa Filesystem access.
repo/packages/jest-transform/src/ScriptTransformer.ts:657 
      fileContent = fs.readFileSync(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #d639b06dc91dbf01 Filesystem access.
repo/packages/jest-transform/src/ScriptTransformer.ts:973 
    fileData = fs.readFileSync(cachePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e5de370e443c369e Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:51 
  process.env.PROP_STRING = 'foo';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #aff1f3cc4665f3ac Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:53 
  process.env.PROP_NUMBER = 3;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #19fd80e399055e3e Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:54 
  process.env.PROP_UNDEFINED = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #442911104ffe4282 Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:70 
  expect(process.env.PROP_ADDED).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d3d500c58e7ddaa9 Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:90 
  process.env.PROP_STRING = 'foo';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5452cd5c8e9c9693 Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:11 
const oldTERM = process.env.TERM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #6e71f4b55e8c611d Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:15 
  process.env.TERM = oldTERM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #56c7bb10e614dc9a Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:22 
  process.env.TERM = 'xterm-256color';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #51f7edeb8701762d Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:41 
    process.env.TERM = term;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #58d2862146ec0545 Environment-variable access.
repo/packages/jest-util/src/isInteractive.ts:21 
    return process.env.TERM !== 'dumb';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d48a7be4cb73c22e Filesystem access.
repo/packages/jest-worker/src/__tests__/leak-integration.test.ts:18 
    writeFileSync(workerFile, 'module.exports.fn = () => {};');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2d1cf74591644275 Filesystem access.
repo/packages/jest-worker/src/__tests__/leak-integration.test.ts:48 
    writeFileSync(workerFile, 'module.exports.fn = (obj) => [obj];');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #6d1a1566d38fe692 Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:46 
  originalForceColor = process.env.FORCE_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #66a461604b4e996f Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:47 
  delete process.env.FORCE_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bcb0e56b3fa2b072 Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:70 
  process.env.FORCE_COLOR = originalForceColor;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #98947bbebb652dd8 Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:85 
    workerId: Number(process.env.JEST_WORKER_ID) - 1,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d4ec4b8f64f2a8ad Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/NodeThreadsWorker.test.ts:66 
    workerId: Number(process.env.JEST_WORKER_ID) - 1,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4009e3a24c544884 Filesystem access.
repo/packages/jest-worker/src/workers/__tests__/WorkerEdgeCases.test.ts:8 
import {access, mkdir, rm, writeFile} from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #546f9d90b6dd3e43 Filesystem access.
repo/packages/jest-worker/src/workers/__tests__/WorkerEdgeCases.test.ts:61 
    await writeFile(writePath, result!.code!, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #100498722ae54bec Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/threadChild.test.ts:142 
  expect(process.env.JEST_WORKER_ID).toBe('3');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f7fb550ca1ea31fa Environment-variable access.
repo/packages/jest-worker/src/workers/threadChild.ts:53 
      process.env.JEST_WORKER_ID = init[4];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #82847247d5951610 Environment-variable access.
repo/packages/test-utils/src/ConditionalTest.ts:15 
  return process.env.JEST_JASMINE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #0a995c358efd30b3 Filesystem access.
repo/scripts/build.mjs:90 
    await fs.promises.writeFile(mjsEntryFile, `${esSource}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #47eb9a3af781c65f Filesystem access.
repo/scripts/buildTs.mjs:83 
      stripJsonComments(fs.readFileSync(`${packageDir}/tsconfig.json`, 'utf8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #ff48eb31e297cfb9 Filesystem access.
repo/scripts/buildTs.mjs:122 
      stripJsonComments(fs.readFileSync(tsConfigPath, 'utf8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #53bbf284bf89e2eb Filesystem access.
repo/scripts/buildTs.mjs:196 
            Promise.all([file, fs.promises.readFile(file, 'utf8')]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #4238e789df460432 Filesystem access.
repo/scripts/bundleTs.mjs:94 
await fs.promises.writeFile(
  path.resolve(
    path.dirname(fileURLToPath(import.meta.url)),
    '../api-extractor.json',
  ),
  JSON.stringify(sharedExtractorConfig, null, 2),
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b78e06b112ebe64c Filesystem access.
repo/scripts/bundleTs.mjs:122 
    await fs.promises.writeFile(
      configFile,
      JSON.stringify(
        {
          extends: '../../api-extractor.json',
          mainEntryPointFilePath: path.resolve(packageDir, pkg.types),
          projectFolder: packageDir,
        },
        null,
        2,
      ),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #2506a935c175686b Filesystem access.
repo/scripts/bundleTs.mjs:163 
    let definitionFile = await fs.promises.readFile(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #26d38529e59624d9 Filesystem access.
repo/scripts/bundleTs.mjs:224 
    await fs.promises.writeFile(
      filepath.replace(
        `${path.sep}dist${path.sep}`,
        `${path.sep}build${path.sep}`,
      ),
      formattedContent,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1a8fedcd6e9e6cb4 Filesystem access.
repo/scripts/checkChangelog.mjs:20 
  const data = fs.readFileSync(changelogPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #12df930d9eb756e2 Filesystem access.
repo/scripts/checkChangelog.mjs:51 
  const mainChangelog = fs.readFileSync(mainChangelogPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #c030aaf6981cde58 Filesystem access.
repo/scripts/checkCopyrightHeaders.mjs:12 
const getFileContents = path => fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #940e1ed9468475a2 Filesystem access.
repo/scripts/remove-examples.mjs:19 
fs.writeFileSync(
  configFile,
  `export default ${JSON.stringify(config, null, 2)};\n`,
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #35c132d3052c370a Filesystem access.
repo/scripts/verifyOldTs.mjs:28 
    fs.readFileSync(require.resolve('../tsconfig.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #8d99969d12939d56 Filesystem access.
repo/scripts/verifyOldTs.mjs:55 
    fs.writeFileSync(
      path.join(cwd, '.yarnrc.yml'),
      'nodeLinker: node-modules\n',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #3e7ae2e6c6ec5f2c Filesystem access.
repo/scripts/verifyOldTs.mjs:65 
    fs.writeFileSync(
      path.join(cwd, 'tsconfig.json'),
      JSON.stringify(tsConfig, null, 2),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f0fd10888834dac3 Filesystem access.
repo/scripts/verifyOldTs.mjs:69 
    fs.writeFileSync(
      path.join(cwd, 'index.ts'),
      `import jest = require('${jestDirectory}');`,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #566677ee76edc2b5 Filesystem access.
repo/scripts/verifyPnP.mjs:26 
  const yarnConfig = yaml.load(fs.readFileSync(yarnRcPath, 'utf8'), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #36aa0dd152bbc13d Filesystem access.
repo/scripts/verifyPnP.mjs:30 
  fs.writeFileSync(
    path.join(cwd, '.yarnrc.yml'),
    dedent`
      enableGlobalCache: true

      enableScripts: true

      yarnPath: ${path.resolve(rootDirectory, yarnConfig.yarnPath)}
    `,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #18717e98514ac072 Filesystem access.
repo/scripts/verifyPnP.mjs:40 
  fs.writeFileSync(
    path.join(cwd, 'package.json'),
    JSON.stringify(
      {
        dependencies: {
          jest: '*',
          'jest-environment-jsdom': '*',
        },
        name: 'test-pnp',
      },
      null,
      2,
    ),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #7bfda7fb008e320c Filesystem access.
repo/scripts/verifyPnP.mjs:54 
  fs.writeFileSync(
    path.join(cwd, 'jsdom.test.js'),
    dedent`
      /*
       * @jest-environment jsdom
       */

      test('dummy', () => {
        expect(window).toBeDefined();
      });
    `,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6d8b43920fb423f2 Filesystem access.
repo/scripts/verifyPnP.mjs:66 
  fs.writeFileSync(
    path.join(cwd, 'node.test.js'),
    dedent`
      test('dummy', () => {
        expect(typeof window).toBe('undefined');
      });
    `,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f2c8df99fa11fade Filesystem access.
repo/website/docusaurus.config.mjs:22 
  fs.readFileSync(path.resolve(__dirname, '../crowdin.yaml'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-jasmine2

npm first-party
medium telemetry production #3f315e3efbb92b4c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/jest-jasmine2/src/jasmine/createSpy.ts:56 
    callTracker.track(callData);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

first-party (npm): examples/manual-mocks

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #eb17f1351833cb74 Filesystem access.
repo/examples/manual-mocks/__tests__/file_summarizer.test.js:15 
    require('fs').__setMockFiles(MOCK_FILE_INFO);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #9c6f0449f575cfe2 Environment-variable access.
repo/examples/manual-mocks/utils.js:2 
  return process.env.HOSTNAME === 'localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): examples/typescript

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #7c69eacf12e565b2 Environment-variable access.
repo/examples/typescript/utils.ts:4 
  return process.env.HOSTNAME === 'localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/babel-jest

npm first-party
expand_more 11 low-confidence finding(s)
low env_fs test-only #7bf9c34b4467ada8 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:27 
const nodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #fc2c14c5f6e6c9d6 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:28 
const babelEnv = process.env.BABEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #15c6a625d8a41253 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:38 
  if (process.env.NODE_ENV === 'NEW_NODE_ENV') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5d24316a07e9bb4e Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:39 
    process.env.NODE_ENV = nodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #064e6763c2cd329a Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:42 
  if (process.env.BABEL_ENV === 'NEW_BABEL_ENV') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #01db21c3ee703861 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:43 
    process.env.BABEL_ENV = babelEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d84f05a4f870b7e2 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:217 
      process.env.NODE_ENV = 'NEW_NODE_ENV';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #8ca879c27eb33947 Environment-variable access.
repo/packages/babel-jest/src/__tests__/getCacheKey.test.ts:229 
      process.env.BABEL_ENV = 'NEW_BABEL_ENV';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1d3feec656bfe71b Filesystem access.
repo/packages/babel-jest/src/index.ts:33 
const THIS_FILE = fs.readFileSync(__filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #885a0ddb79241fcb Environment-variable access.
repo/packages/babel-jest/src/index.ts:108 
    .update(process.env.NODE_ENV ?? '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #80bd34b3aa0732b4 Environment-variable access.
repo/packages/babel-jest/src/index.ts:110 
    .update(process.env.BABEL_ENV ?? '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-jest

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #dc2712bc058d2d5c Filesystem access.
repo/packages/create-jest/src/runCreate.ts:65 
      fs.readFileSync(projectPackageJsonPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #8062900af369c52e Filesystem access.
repo/packages/create-jest/src/runCreate.ts:143 
    fs.writeFileSync(projectPackageJsonPath, modifiedPackageJson);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #5207fb23166423a0 Filesystem access.
repo/packages/create-jest/src/runCreate.ts:155 
  fs.writeFileSync(jestConfigPath, generatedConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/expect-utils

npm first-party
expand_more 4 low-confidence finding(s)
low egress test-only #e83312d527bba9a0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:807 
    const a = new URL('https://jestjs.io/');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low egress test-only #f6e25ad8287a44fe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:808 
    const b = new URL('https://jestjs.io/');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low egress test-only #6b9891a6124a2795 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:813 
    const a = new URL('https://jestjs.io/docs/getting-started');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
low egress test-only #fcb7806ca25b893e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/expect-utils/src/__tests__/utils.test.ts:814 
    const b = new URL('https://jestjs.io/docs/getting-started#using-babel');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/jest-circus

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #3a258940610c947c Filesystem access.
repo/packages/jest-circus/src/__mocks__/testUtils.ts:51 
  fs.writeFileSync(tmpFilename, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-cli

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #4e399cb906a0eef5 Environment-variable access.
repo/packages/jest-cli/bin/jest.js:12 
  if (process.env.NODE_ENV == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #7e16cf2d94c27399 Environment-variable access.
repo/packages/jest-cli/bin/jest.js:13 
    process.env.NODE_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-config

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #bb0df31280b85c64 Filesystem access.
repo/packages/jest-config/src/readConfigFileAndSetRootDir.ts:90 
      const fileContent = fs.readFileSync(configPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #6cc85e79065ebc45 Filesystem access.
repo/packages/jest-config/src/readConfigFileAndSetRootDir.ts:146 
  const docblockPragmas = parse(extract(fs.readFileSync(configPath, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #df966ebce7617873 Filesystem access.
repo/packages/jest-config/src/resolveConfigPath.ts:143 
    const content = fs.readFileSync(packagePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-core

npm first-party
expand_more 11 low-confidence finding(s)
low env_fs production #6a407d71f4d0f8dc Environment-variable access.
repo/packages/jest-core/src/TestScheduler.ts:67 
    key => key in process.env && process.env[key] !== '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2de36b0562be0e07 Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:100 
      savedAgentEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #12566266305411f7 Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:101 
      delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d71a8576a6e665fb Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:109 
        delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ab73beed7784d6ea Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:111 
        process.env[key] = savedAgentEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #78e73c91f17e905b Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:132 
    process.env.AI_AGENT = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #716fc5f96eac1a54 Environment-variable access.
repo/packages/jest-core/src/__tests__/TestScheduler.test.js:144 
      delete process.env.AI_AGENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #edc83be2c7a3464c Filesystem access.
repo/packages/jest-core/src/__tests__/watchFileChanges.test.ts:55 
    fs.writeFileSync(
      fileTargetPath2,
      `
        require('./lost-file.js');
        describe('Fake test', () => {
            it('Hey', () => {

            });
        });
      `,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bc0049a0736ab74f Filesystem access.
repo/packages/jest-core/src/__tests__/watchFileChanges.test.ts:125 
    fs.writeFileSync(
      fileTargetPath,
      `
        describe('Fake group', () => {
            it('Fake 1', () => {});
            it('Fake 2', () => {});
            it('Fake 3', () => {});
        });
      `,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #a473474812ef9099 Filesystem access.
repo/packages/jest-core/src/runJest.ts:142 
      fs.writeFileSync(filePath, `${jsonString}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b26cfbdf358d09b9 Filesystem access.
repo/packages/jest-core/src/runJest.ts:261 
      fs.writeFileSync(outputFile, testsListOutput, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-create-cache-key-function

npm first-party
expand_more 7 low-confidence finding(s)
low env_fs test-only #f23aea112fc70cb6 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:14 
  NODE_ENV = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #65ec76e0913928b6 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:15 
  process.env.NODE_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7b430cc94af7c348 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:16 
  BABEL_ENV = process.env.BABEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e5e40c24a3f75380 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:17 
  process.env.BABEL_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ce2446a429bb114a Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:24 
  process.env.NODE_ENV = NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e51ac536f20cf029 Environment-variable access.
repo/packages/jest-create-cache-key-function/src/__tests__/index.test.ts:25 
  process.env.BABEL_ENV = BABEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #d8dafa142adc5ad2 Filesystem access.
repo/packages/jest-create-cache-key-function/src/index.ts:54 
    ...files.map((file: string) => readFileSync(file)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-haste-map

npm first-party
expand_more 7 low-confidence finding(s)
low env_fs production #36456abe0631794f Environment-variable access.
repo/packages/jest-haste-map/src/index.ts:394 
          (process.env.NODE_ENV === 'test' && hasteMap) || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1f3f0a719bacbb42 Filesystem access.
repo/packages/jest-haste-map/src/lib/CacheManager.ts:26 
      return deserialize(readFileSync(this._cachePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #4f099a0bc6c742bb Filesystem access.
repo/packages/jest-haste-map/src/lib/CacheManager.ts:33 
    writeFileSync(this._cachePath, serialize(hasteMap));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bc0174e5a07a86ce Filesystem access.
repo/packages/jest-haste-map/src/lib/__tests__/walk.test.ts:24 
  fs.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #077f9a784b04a719 Filesystem access.
repo/packages/jest-haste-map/src/worker.ts:43 
      content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #609e217e70844e93 Filesystem access.
repo/packages/jest-haste-map/src/worker.ts:93 
    sha1 = sha1hex(content || fs.readFileSync(filePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #1fdb155ddd2460f5 Filesystem access.
repo/packages/jest-haste-map/src/worker.ts:101 
    ? sha1hex(fs.readFileSync(data.filePath))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-message-util

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #e4e53a796b7d8999 Filesystem access.
repo/packages/jest-message-util/src/index.ts:363 
          fileContent = fs.readFileSync(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-reporters

npm first-party
expand_more 7 low-confidence finding(s)
low env_fs production #d044bcdfb01e5d7b Filesystem access.
repo/packages/jest-reporters/src/CoverageReporter.ts:480 
              fs.readFileSync(fileTransform.sourceMapPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #dd34a0e10a4a0713 Filesystem access.
repo/packages/jest-reporters/src/CoverageReporter.ts:495 
              : {source: fs.readFileSync(res.url, 'utf8')},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #290a3ba2498c7e2a Filesystem access.
repo/packages/jest-reporters/src/CoverageWorker.ts:51 
    fs.readFileSync(path, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #304fb8fc20f6973d Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:31 
  process.env.npm_lifecycle_event = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4007af70dc089f95 Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:32 
  process.env.npm_lifecycle_script = 'jest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #0f5b0f09c7af9f18 Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:61 
  process.env.npm_config_user_agent = 'npm';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #18e91f4372ecbf91 Environment-variable access.
repo/packages/jest-reporters/src/__tests__/SummaryReporter.test.js:86 
  process.env.npm_config_user_agent = 'yarn';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-resolve

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #3c3349bfb3005f6e Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:108 
    const nodePaths = process.env.NODE_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5fc3b9232c595561 Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:109 
      ? process.env.NODE_PATH.split(path.delimiter)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #1b81c88d760b35ba Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:404 
    const nodePaths = process.env.NODE_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c6a9072ce54bfcfe Environment-variable access.
repo/packages/jest-resolve/src/__tests__/resolve.test.ts:405 
      ? process.env.NODE_PATH.split(path.delimiter)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #9f0d7c32014b6ae0 Filesystem access.
repo/packages/jest-resolve/src/fileWalkers.ts:94 
  result = JSON.parse(fs.readFileSync(path, 'utf8')) as PackageJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-runner

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #e64aefe1b64e1ed4 Environment-variable access.
repo/packages/jest-runner/src/__tests__/testRunner.test.ts:76 
  expect(process.env.JEST_WORKER_ID).toBe('1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #878fd9a8ed094896 Environment-variable access.
repo/packages/jest-runner/src/index.ts:64 
    process.env.JEST_WORKER_ID = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #069bc10a9be33dd3 Filesystem access.
repo/packages/jest-runner/src/runTest.ts:87 
  const testSource = fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #2bc745f0069c156f Environment-variable access.
repo/packages/jest-runner/src/runTest.ts:117 
      process.env.JEST_JASMINE === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #00f3b17a151fd33d Filesystem access.
repo/packages/jest-runner/src/runTest.ts:255 
            map: JSON.parse(fs.readFileSync(sourceMapSource, 'utf8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-runtime

npm first-party
expand_more 15 low-confidence finding(s)
low env_fs test-only #f462764bcc2463fc Environment-variable access.
repo/packages/jest-runtime/src/__tests__/runtime_node_path.test.js:22 
      process.env.NODE_PATH = nodePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a24778bab5f0231a Filesystem access.
repo/packages/jest-runtime/src/__tests__/runtime_require_resolve.test.ts:40 
    await fs.writeFile(
      absoluteFilePath,
      'module.exports = require.resolve(__filename);',
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cd7160e217b25b71 Filesystem access.
repo/packages/jest-runtime/src/__tests__/runtime_require_resolve.test.ts:64 
    await fs.writeFile(
      entrypoint,
      `module.exports = require.resolve(${JSON.stringify(
        target,
      )}, {paths: []});`,
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #8bff29e70290a0e8 Filesystem access.
repo/packages/jest-runtime/src/__tests__/runtime_require_resolve.test.ts:72 
    await fs.writeFile(target, 'module.exports = {}', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #e96fed9da445ffa1 Filesystem access.
repo/packages/jest-runtime/src/internals/CjsExportsCache.ts:71 
      this.fileCache.readFile(modulePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f0eda91b4a5cb8cc Filesystem access.
repo/packages/jest-runtime/src/internals/FileCache.ts:30 
      source = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #b72bb4363eedbc0c Filesystem access.
repo/packages/jest-runtime/src/internals/TransformCache.ts:45 
    const source = this.fileCache.readFile(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f7e216f4c914a809 Filesystem access.
repo/packages/jest-runtime/src/internals/TransformCache.ts:64 
    const source = this.fileCache.readFile(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #319b18dec6d5c48b Filesystem access.
repo/packages/jest-runtime/src/internals/TransformCache.ts:93 
    const source = stripBOM(this.fileCache.readFile(filename));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4d88ce113866887c Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:39 
    expect(cache.readFile('/a.js')).toBe('hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e6ced6e5b90fecd2 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:40 
    expect(cache.readFile('/a.js')).toBe('hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9947566d4de94134 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:48 
    expect(cache.readFile('/a.js')).toBe('pre-populated');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #9747e46af8fa3d88 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:57 
    cache.readFile('/a.js');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ca57c376fa78a3f0 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:66 
    cache.readFile('/a.js');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4b7e3b7d27705b38 Filesystem access.
repo/packages/jest-runtime/src/internals/__tests__/FileCache.test.ts:74 
    cache.readFile('/a.js');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-snapshot

npm first-party
expand_more 47 low-confidence finding(s)
low env_fs production #44c15406d4878e2a Filesystem access.
repo/packages/jest-snapshot/src/InlineSnapshots.ts:101 
      fs.writeFileSync(sourceFilePath, newSourceFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ca049218ce0a55bd Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:48 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #db7bd9914e05cd1a Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:61 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4b06b5361384df63 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:68 
  fs.writeFileSync(
    filename,
    `${`
const a = [1,            2];
expect(a).toMatchInlineSnapshot(\`an out-of-date and also multi-line
snapshot\`);
expect(a).toMatchInlineSnapshot();
expect(a).toMatchInlineSnapshot(\`[1, 2]\`);
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d6fd4d7ba88f65a5 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:88 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #3bcbea4c88c98793 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:99 
  fs.writeFileSync(
    filename,
    `${`
const a = [1,            2];
expect(a).toMatchInlineSnapshot(\`an out-of-date and also multi-line
snapshot\`);
expect(a).toMatchInlineSnapshot();
expect(a).toMatchInlineSnapshot(\`[1, 2]\`);
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d2f46f69cda86c5a Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:119 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #f38d82bec53f19a8 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:132 
    fs.writeFileSync(
      filename,
      `${`
interface Foo {
  foo: string
}
const a: [Foo, Foo] = [{ foo: 'one' },            { foo: 'two' }];
expect(a).toMatchInlineSnapshot();
`.trim()}\n`,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #fd66d1ba3fce9060 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:154 
    expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #3c1b21f795168afe Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:168 
  fs.writeFileSync(
    filename,
    `${`
it('foos', async () => {
  const Foo = (props: { foo: string }) => <div>{props.foo}</div>;
  const a = await Foo({ foo: "hello" });
  expect(a).toMatchInlineSnapshot();
})
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #27dc3b4257c17650 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:190 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2ea048b483526ba8 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:203 
  fs.writeFileSync(
    filename,
    `${`
const Foo = (props: { foo: string }) => <div>{props.foo}</div>;
const a = Foo({ foo: "hello" });
expect(a).toMatchInlineSnapshot();
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #79d809a7ce7ef620 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:211 
  fs.writeFileSync(
    path.join(dir, '.babelrc'),
    JSON.stringify({
      presets: [
        require.resolve('@babel/preset-flow'),
        require.resolve('@babel/preset-react'),
      ],
    }),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #dba981fc76c151eb Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:232 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e846754e20108f04 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:243 
  fs.writeFileSync(
    filename,
    `${`
const a = [1,            2];
expect(a).toMatchInlineSnapshot(\`an out-of-date and also multi-line
snapshot\`);
expect(a).toMatchInlineSnapshot();
expect(a).toMatchInlineSnapshot(\`[1, 2]\`);
`.trim()}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cc1baf2144b5afde Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:263 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #49207c3f2b409e8d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:276 
    fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot(`2`);\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #619a3c710b510ab1 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:295 
    expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #168174a0814da009 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:303 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot({}, `2`);\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cfe4ba472f3d2dca Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:316 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #28b26b479533cb48 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:325 
    fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot({});\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #82c75c38ff787001 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:338 
    expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #b477433553e35191 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:346 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4259a22430c3388d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:369 
  fs.writeFileSync(filename, 'expect(1).toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #43858dc33c517e10 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:389 
  fs.writeFileSync(filename, 'expect("`").toMatchInlineSnapshot();\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c52d75994163062d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:394 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #90f467de0fdffbee Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:401 
  fs.writeFileSync(filename, "expect({a: 'a'}).toMatchInlineSnapshot();\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #96a3c77a980f99a2 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:418 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5b05ef774bb3c1fe Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:425 
  fs.writeFileSync(
    filename,
    "it('is a test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #aed3b8f8422e7d4d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:447 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7688b588f6688ae2 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:460 
  fs.writeFileSync(
    filename,
    "it('is an error test', () => {\n" +
      '  expect(() => {\n' +
      "    throw new Error(['a', 'b'].join('\\n'));\n" +
      '  }).toThrowErrorMatchingInlineSnapshot(`\n' +
      '    "a\n' +
      '    b"\n' +
      '  `);\n' +
      '});\n' +
      "it('is another test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ed66bd890820e6bf Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:490 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #7603546db43a6f1e Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:511 
  fs.writeFileSync(
    filename,
    "it('is a test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n' +
      "it('is a another test', () => {\n" +
      "  expect({b: 'b'}).toMatchInlineSnapshot(`\n" +
      '    Object {\n' +
      "      b: 'b'\n" +
      '    }\n' +
      '  `);\n' +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4e4bb1a90219db20 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:540 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d60cda7343e6ba0e Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:560 
  fs.writeFileSync(
    filename,
    "it('is a test', () => {\n" +
      "  expect({a: 'a'}).toMatchInlineSnapshot();\n" +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #a07980ace7b82795 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:583 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #70732be64264c8db Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:596 
  fs.writeFileSync(
    filename,
    "it('is a test', () => expect({a: 'a'}).toMatchInlineSnapshot());\n",
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #ec66281e15c1ef75 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:616 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #c1029f7a51504166 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:628 
  fs.writeFileSync(
    filename,
    "it('is a test', () => expect(`hello\n\nworld`).toMatchInlineSnapshot());\n",
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #dad6debdbf87714f Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:648 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #e31acd5e65b6c06d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:660 
  fs.writeFileSync(
    filename,
    "it('is a test', async () => {\n" +
      "  const a = Promise.resolve({a: 'a'});\n" +
      '  await expect(a).resolves.toMatchInlineSnapshot();\n' +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5170bf254f3aa24b Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:683 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #12f17d23d2b00333 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:697 
  fs.writeFileSync(
    filename,
    'const foo = {\n' +
      '  "1": "Some value",\n' +
      '};\n' +
      'test("something", () => {\n' +
      '  expect("a").toMatchInlineSnapshot();\n' +
      '});\n',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #cee4287464aa2c8e Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:725 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #1b7b713afc67d12d Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:737 
  fs.writeFileSync(filename, 'expect("a").toMatchInlineSnapshot("b");\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #0b682caa13fa5ee9 Filesystem access.
repo/packages/jest-snapshot/src/__tests__/InlineSnapshots.test.ts:750 
  expect(fs.readFileSync(filename, 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #82640efce3c4b470 Filesystem access.
repo/packages/jest-snapshot/src/utils.ts:203 
  const sourceFile = fs.readFileSync(sourceFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-snapshot-utils

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #b4c9b5916f249928 Filesystem access.
repo/packages/jest-snapshot-utils/src/utils.ts:146 
      snapshotContents = fs.readFileSync(snapshotPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #bd96f163a41b29de Filesystem access.
repo/packages/jest-snapshot-utils/src/utils.ts:196 
  fs.writeFileSync(
    snapshotPath,
    `${writeSnapshotVersion()}\n\n${snapshots.join('\n\n')}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-source-map

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #6f44f4341c575287 Filesystem access.
repo/packages/jest-source-map/src/getCallsite.ts:60 
      const sourceMap = readFileSync(sourceMapFileName, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-test-sequencer

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #36972186e16c30f4 Filesystem access.
repo/packages/jest-test-sequencer/src/index.ts:75 
            JSON.parse(fs.readFileSync(cachePath, 'utf8')) as Cache,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #ab0ef95153515288 Filesystem access.
repo/packages/jest-test-sequencer/src/index.ts:243 
      fs.writeFileSync(this._getCachePath(context), JSON.stringify(cache));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-transform

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #a8c99842a809e89e Filesystem access.
repo/packages/jest-transform/src/ScriptTransformer.ts:611 
      fileContent = fs.readFileSync(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #e80adbaa4e05feaa Filesystem access.
repo/packages/jest-transform/src/ScriptTransformer.ts:657 
      fileContent = fs.readFileSync(filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #d639b06dc91dbf01 Filesystem access.
repo/packages/jest-transform/src/ScriptTransformer.ts:973 
    fileData = fs.readFileSync(cachePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-util

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs test-only #e5de370e443c369e Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:51 
  process.env.PROP_STRING = 'foo';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #aff1f3cc4665f3ac Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:53 
  process.env.PROP_NUMBER = 3;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #19fd80e399055e3e Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:54 
  process.env.PROP_UNDEFINED = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #442911104ffe4282 Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:70 
  expect(process.env.PROP_ADDED).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d3d500c58e7ddaa9 Environment-variable access.
repo/packages/jest-util/src/__tests__/createProcessObject.test.ts:90 
  process.env.PROP_STRING = 'foo';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #5452cd5c8e9c9693 Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:11 
const oldTERM = process.env.TERM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #6e71f4b55e8c611d Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:15 
  process.env.TERM = oldTERM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #56c7bb10e614dc9a Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:22 
  process.env.TERM = 'xterm-256color';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #51f7edeb8701762d Environment-variable access.
repo/packages/jest-util/src/__tests__/isInteractive.test.ts:41 
    process.env.TERM = term;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #58d2862146ec0545 Environment-variable access.
repo/packages/jest-util/src/isInteractive.ts:21 
    return process.env.TERM !== 'dumb';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/jest-worker

npm first-party
expand_more 11 low-confidence finding(s)
low env_fs test-only #d48a7be4cb73c22e Filesystem access.
repo/packages/jest-worker/src/__tests__/leak-integration.test.ts:18 
    writeFileSync(workerFile, 'module.exports.fn = () => {};');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #2d1cf74591644275 Filesystem access.
repo/packages/jest-worker/src/__tests__/leak-integration.test.ts:48 
    writeFileSync(workerFile, 'module.exports.fn = (obj) => [obj];');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #6d1a1566d38fe692 Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:46 
  originalForceColor = process.env.FORCE_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #66a461604b4e996f Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:47 
  delete process.env.FORCE_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #bcb0e56b3fa2b072 Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:70 
  process.env.FORCE_COLOR = originalForceColor;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #98947bbebb652dd8 Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/ChildProcessWorker.test.ts:85 
    workerId: Number(process.env.JEST_WORKER_ID) - 1,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #d4ec4b8f64f2a8ad Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/NodeThreadsWorker.test.ts:66 
    workerId: Number(process.env.JEST_WORKER_ID) - 1,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #4009e3a24c544884 Filesystem access.
repo/packages/jest-worker/src/workers/__tests__/WorkerEdgeCases.test.ts:8 
import {access, mkdir, rm, writeFile} from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #546f9d90b6dd3e43 Filesystem access.
repo/packages/jest-worker/src/workers/__tests__/WorkerEdgeCases.test.ts:61 
    await writeFile(writePath, result!.code!, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs test-only #100498722ae54bec Environment-variable access.
repo/packages/jest-worker/src/workers/__tests__/threadChild.test.ts:142 
  expect(process.env.JEST_WORKER_ID).toBe('3');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs production #f7fb550ca1ea31fa Environment-variable access.
repo/packages/jest-worker/src/workers/threadChild.ts:53 
      process.env.JEST_WORKER_ID = init[4];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/test-utils

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #82847247d5951610 Environment-variable access.
repo/packages/test-utils/src/ConditionalTest.ts:15 
  return process.env.JEST_JASMINE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): website

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #f2c8df99fa11fade Filesystem access.
repo/website/docusaurus.config.mjs:22 
  fs.readFileSync(path.resolve(__dirname, '../crowdin.yaml'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@babel/register

npm dependency
high pii_flow dependency Excluded from app score #bbbe9d432126ec64 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/lib/worker/index.js:175 · flow /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:86 → /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:175 
    await cacache.put(this.cacheDir, key, gzipSync(buf), {
      algorithms: ["sha1"]
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
medium pii_flow dependency Excluded from app score #93e36302f53889e1 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/lib/worker/index.js:95 · flow /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:86 → /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:95 
        console.warn(`Cache directory ${this.cacheDir} is a file, not a directory.`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
medium pii_flow dependency Excluded from app score #79f4e1db5b860720 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/lib/worker/index.js:105 · flow /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:86 → /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:105 
      console.warn(`Failed to create cache directory ${this.cacheDir}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
medium pii_flow dependency Excluded from app score #2ef960458de70009 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]/lib/worker/index.js:112 · flow /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:86 → /tmp/closeopen-3hmu6ar4/pkgs/npm/@[email protected]/lib/worker/index.js:112 
      console.warn(`Cache directory ${this.cacheDir} is not writable or readable.`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #a7ff59362e2aae44 Environment-variable access.
pkgs/npm/@[email protected]/lib/index.js:66 
const isInRegisterWorker = process.env[envVarName] === envVarValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #1fc1777833c1291c Environment-variable access.
pkgs/npm/@[email protected]/lib/worker/index.js:86 
  cacheDir = process.env.BABEL_CACHE_PATH || cache$1("@babel/register") || path.join(os.tmpdir() || os.homedir(), `.babel-register`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9b4a71153ef2c3f7 Environment-variable access.
pkgs/npm/@[email protected]/lib/worker/index.js:92 
    globalDisableCache = !!process.env.BABEL_DISABLE_CACHE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@babel/core

npm dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #4c3750bfac5545bf Filesystem access.
pkgs/npm/@[email protected]/lib/config/files/index.js:20 
    return fn(filepath, yield* readFile(filepath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fab63fbff9f3f256 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/files/index.js:326 
  const targetPath = process.env.BABEL_SHOW_CONFIG_FOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6b59ab020cdfaab4 Environment-variable access.
pkgs/npm/@[email protected]/lib/index-shared.js:315 
  return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6b59ab020cdfaab4 Environment-variable access.
pkgs/npm/@[email protected]/lib/index-shared.js:315 
  return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #776c1f57c365b724 Environment-variable access.
pkgs/npm/@[email protected]/lib/index-shared.js:1761 
  if (typeof process !== "undefined" && process.env.BABEL_7_TO_8_DANGEROUSLY_DISABLE_VERSION_CHECK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #46e270276529efc0 Filesystem access.
pkgs/npm/@[email protected]/lib/transform-file.js:12 
  const code = yield* readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6b78ad1a0dce42a8 Filesystem access.
pkgs/npm/@[email protected]/lib/transformation/read-input-source-map-file.js:65 
    const inputMapContent = fs.readFileSync(inputMapPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@crowdin/cli

npm dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #e24c5c2b237662f5 Environment-variable access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:5 
var jdeployHomeDir = process.env.JDEPLOY_HOME || path.join(os.homedir(), '.jdeploy');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #e05c659f5dbe7e38 Filesystem access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:29 
    const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #e05c659f5dbe7e38 Filesystem access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:29 
    const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #01b3309ef9a1e5e8 Filesystem access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:94 
        fs.readFile(file, (err, data) => {
          if (err) reject(err)

          resolve(
            crypto
              .createHash('sha256')
              .update(data)
              .digest('hex')
          )
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f0ea7d99b88ae566 Filesystem access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:109 
        fs.readFile(file + '.sha256.txt', 'utf-8', (err, data) => {
          if (err) reject(err)

          genChecksum(file).then(checksum => {
            checksum === data.split('  ')[0]
              ? resolve(file)
              : reject(new Error('File and checksum don\'t match'))
          })
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5cb1d5119852d1cb Filesystem access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:365 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5cb1d5119852d1cb Filesystem access.
pkgs/npm/@[email protected]/jdeploy-bundle/jdeploy.js:365 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@microsoft/api-extractor

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #470f0f1d3e6ccc63 Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/analyzer/PackageMetadataManager.js:199 
        node_core_library_1.FileSystem.writeFile(tsdocMetadataPath, fileContent, {
            convertLineEndings: newlineKind,
            ensureFolderExists: true
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #38226aee44731e5c Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/api/Extractor.js:226 
        node_core_library_1.FileSystem.writeFile(actualApiReportPath, actualApiReportContent, {
            ensureFolderExists: true,
            convertLineEndings: extractorConfig.newlineKind
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a8a2cd55327a236e Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/api/Extractor.js:232 
            const expectedApiReportContent = node_core_library_1.FileSystem.readFile(expectedApiReportPath, {
                convertLineEndings: node_core_library_1.NewlineKind.Lf
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f0e3ccf7bebd8899 Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/api/Extractor.js:247 
                    node_core_library_1.FileSystem.writeFile(expectedApiReportPath, actualApiReportContent, {
                        ensureFolderExists: true,
                        convertLineEndings: extractorConfig.newlineKind
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ceff3b4074de6078 Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/api/Extractor.js:286 
                    node_core_library_1.FileSystem.writeFile(expectedApiReportPath, actualApiReportContent, {
                        convertLineEndings: extractorConfig.newlineKind
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #536f08b47831bbb9 Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/collector/SourceMapper.js:91 
                originalFileInfo.maxColumnForLine = node_core_library_1.FileSystem.readFile(mappedFilePath, {
                    convertLineEndings: node_core_library_1.NewlineKind.Lf
                })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #27e242a4dc5cc287 Filesystem access.
pkgs/npm/@[email protected]/lib-commonjs/generators/DtsRollupGenerator.js:91 
        node_core_library_1.FileSystem.writeFile(dtsFilename, writer.toString(), {
            convertLineEndings: newlineKind,
            ensureFolderExists: true
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #79c0cddb768eb928 Filesystem access.
pkgs/npm/@[email protected]/lib-esm/analyzer/PackageMetadataManager.js:192 
        FileSystem.writeFile(tsdocMetadataPath, fileContent, {
            convertLineEndings: newlineKind,
            ensureFolderExists: true
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #74872177736f3154 Filesystem access.
pkgs/npm/@[email protected]/lib-esm/api/Extractor.js:189 
        FileSystem.writeFile(actualApiReportPath, actualApiReportContent, {
            ensureFolderExists: true,
            convertLineEndings: extractorConfig.newlineKind
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a29758ac6f81dbfb Filesystem access.
pkgs/npm/@[email protected]/lib-esm/api/Extractor.js:195 
            const expectedApiReportContent = FileSystem.readFile(expectedApiReportPath, {
                convertLineEndings: NewlineKind.Lf
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #e593d4667422e37f Filesystem access.
pkgs/npm/@[email protected]/lib-esm/api/Extractor.js:210 
                    FileSystem.writeFile(expectedApiReportPath, actualApiReportContent, {
                        ensureFolderExists: true,
                        convertLineEndings: extractorConfig.newlineKind
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9479f2e08cfc7560 Filesystem access.
pkgs/npm/@[email protected]/lib-esm/api/Extractor.js:249 
                    FileSystem.writeFile(expectedApiReportPath, actualApiReportContent, {
                        convertLineEndings: extractorConfig.newlineKind
                    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d484cd0594e1f43c Filesystem access.
pkgs/npm/@[email protected]/lib-esm/collector/SourceMapper.js:55 
                originalFileInfo.maxColumnForLine = FileSystem.readFile(mappedFilePath, {
                    convertLineEndings: NewlineKind.Lf
                })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #3320c84ae524d94c Filesystem access.
pkgs/npm/@[email protected]/lib-esm/generators/DtsRollupGenerator.js:55 
        FileSystem.writeFile(dtsFilename, writer.toString(), {
            convertLineEndings: newlineKind,
            ensureFolderExists: true
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

babel-loader

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #884cc81151745c44 Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:63 
  const data = await readFile(filename + (compress ? ".gz" : ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b3ab711dc9d04317 Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:78 
  return await writeFile(filename + (compress ? ".gz" : ""), data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #fd230e8be2c05bfe Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129 
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ba59a1809fd05d82 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:133 
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7b3c178530360fe9 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281 
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #23c3a0599c1d9a9e Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326 
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #badbb8f6ca6f3128 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330 
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ec712290bf687f4f Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:825 
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9ca103fe8633637b Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44 
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f48cac44cdcd6f75 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56 
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #bfe2d2938c917772 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60 
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4421b7329d3bd3d2 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64 
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b41d1fd3c5e3d1b1 Filesystem access.
pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697 
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #76b26aefc1004e27 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:217 
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9aa07719ef8aecf6 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:240 
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-config-prettier

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #603bea4cc93cb8ec Environment-variable access.
pkgs/npm/[email protected]/bin/cli.js:45 
      switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #902dbd961715b816 Environment-variable access.
pkgs/npm/[email protected]/index.js:3 
const includeDeprecated = !process.env.ESLINT_CONFIG_PRETTIER_NO_DEPRECATED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-import-x

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #1e77b3022f3a12fb Filesystem access.
pkgs/npm/[email protected]/lib/index.cjs:658 
			pkg: JSON.parse(stripBOM(node_fs.default.readFileSync(fp, { encoding: "utf8" }))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #cd17f776a03fb080 Filesystem access.
pkgs/npm/[email protected]/lib/index.cjs:1369 
		const content = node_fs.default.readFileSync(filepath, { encoding: "utf8" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #2549bd4b1281d81c Environment-variable access.
pkgs/npm/[email protected]/lib/index.cjs:2029 
	const client = process.env.npm_config_user_agent?.split("/")[0];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #42d4a3945a9c5464 Filesystem access.
pkgs/npm/[email protected]/lib/index.cjs:4384 
		return JSON.parse(node_fs.default.readFileSync(jsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #e4f12c3c69a12d62 Filesystem access.
pkgs/npm/[email protected]/lib/rules/no-extraneous-dependencies.js:16 
        return JSON.parse(fs.readFileSync(jsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #abfa241db538d96e Filesystem access.
pkgs/npm/[email protected]/lib/utils/export-map.js:68 
        const content = fs.readFileSync(filepath, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #1adf1bd24f934035 Environment-variable access.
pkgs/npm/[email protected]/lib/utils/npm-client.js:14 
    const client = process.env.npm_config_user_agent?.split('/')[0];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b635abb4d65152c8 Filesystem access.
pkgs/npm/[email protected]/lib/utils/read-pkg-up.js:13 
            pkg: JSON.parse(stripBOM(fs.readFileSync(fp, { encoding: 'utf8' }))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jest

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #fd7e008a0921807a Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3 
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fd7e008a0921807a Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3 
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #15d6990b971d9d1d Filesystem access.
pkgs/npm/[email protected]/lib/rules/valid-mock-module-path.js:7 
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #15d6990b971d9d1d Filesystem access.
pkgs/npm/[email protected]/lib/rules/valid-mock-module-path.js:7 
var _fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jsdoc

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #6eb77529cddda8a4 Filesystem access.
pkgs/npm/[email protected]/src/getJsdocProcessorPlugin.js:35 
  readFileSync(join(import.meta.dirname, '../package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d4571dc488ef7b1f Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:26 
      readFileSync(join(process.cwd(), './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #272a6466ac1a203f Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:101 
              readFileSync(join(process.cwd(), 'node_modules', mod, './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-unicorn

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #6e915cd3f25c8841 Filesystem access.
pkgs/npm/[email protected]/rules/shared/package-json.js:33 
			packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

execa

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #392f73d2a257e848 Filesystem access.
pkgs/npm/[email protected]/lib/io/output-sync.js:132 
			writeFileSync(path, serializedResult);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0e4952a7ebd9f47e Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:41 
		fileUrl: ({value}) => ({contents: [bufferToUint8Array(readFileSync(value))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ba1175433a444bcb Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:42 
		filePath: ({value: {file}}) => ({contents: [bufferToUint8Array(readFileSync(file))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f0d8432c806bbea2 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/native.js:59 
	return {type: 'uint8Array', value: bufferToUint8Array(readFileSync(targetFdNumber)), optionName};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

graceful-fs

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #70f8eabf3987bf23 Filesystem access.
pkgs/npm/[email protected]/graceful-fs.js:1 
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #70f8eabf3987bf23 Filesystem access.
pkgs/npm/[email protected]/graceful-fs.js:1 
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #99dd74916c17dcb0 Environment-variable access.
pkgs/npm/[email protected]/graceful-fs.js:35 
else if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #101f76f6c41b4627 Environment-variable access.
pkgs/npm/[email protected]/graceful-fs.js:84 
  if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || '')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #81e5fbd0c667c9d7 Environment-variable access.
pkgs/npm/[email protected]/graceful-fs.js:97 
if (process.env.TEST_GRACEFUL_FS_GLOBAL_PATCH && !fs.__patched) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7efff0a565152802 Environment-variable access.
pkgs/npm/[email protected]/polyfills.js:6 
var platform = process.env.GRACEFUL_FS_PLATFORM || process.platform

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

istanbul-lib-report

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #6eb5da326534b22d Filesystem access.
pkgs/npm/[email protected]/lib/context.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6eb5da326534b22d Filesystem access.
pkgs/npm/[email protected]/lib/context.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #944b781a410079ed Filesystem access.
pkgs/npm/[email protected]/lib/context.js:15 
        return fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #823bb13612636c12 Filesystem access.
pkgs/npm/[email protected]/lib/file-writer.js:7 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #823bb13612636c12 Filesystem access.
pkgs/npm/[email protected]/lib/file-writer.js:7 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6dc4a8e27b35be89 Filesystem access.
pkgs/npm/[email protected]/lib/file-writer.js:163 
            contents = header + fs.readFileSync(source, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #c46a558bcf79c136 Filesystem access.
pkgs/npm/[email protected]/lib/file-writer.js:165 
            contents = fs.readFileSync(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7c79c0de5f8db12c Filesystem access.
pkgs/npm/[email protected]/lib/file-writer.js:167 
        fs.writeFileSync(dest, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

istanbul-reports

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #c2b687c94a3188d9 Filesystem access.
pkgs/npm/[email protected]/lib/clover/index.js:18 
        this.cw = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #cb24834c1f91c0bf Filesystem access.
pkgs/npm/[email protected]/lib/cobertura/index.js:24 
        this.cw = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #aa0f712d2f8f288d Filesystem access.
pkgs/npm/[email protected]/lib/html-spa/index.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #aa0f712d2f8f288d Filesystem access.
pkgs/npm/[email protected]/lib/html-spa/index.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9fac669b009db3f1 Filesystem access.
pkgs/npm/[email protected]/lib/html-spa/index.js:146 
        const cw = this.getWriter(context).writeFile(
            this.linkMapper.getPath(rootNode)
        );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8b695f8ff0c630c4 Filesystem access.
pkgs/npm/[email protected]/lib/html/index.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8b695f8ff0c630c4 Filesystem access.
pkgs/npm/[email protected]/lib/html/index.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9cfddcb160e93617 Filesystem access.
pkgs/npm/[email protected]/lib/html/index.js:364 
        const cw = this.getWriter(context).writeFile(linkMapper.getPath(node));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4c62fa02b121d8d3 Filesystem access.
pkgs/npm/[email protected]/lib/html/index.js:411 
        const cw = this.getWriter(context).writeFile(linkMapper.getPath(node));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a04e957e6ecf4c97 Filesystem access.
pkgs/npm/[email protected]/lib/json-summary/index.js:18 
        this.contentWriter = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0dd91d825d724f04 Filesystem access.
pkgs/npm/[email protected]/lib/json/index.js:17 
        this.contentWriter = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #14fa12071b1ebacd Filesystem access.
pkgs/npm/[email protected]/lib/lcovonly/index.js:18 
        this.contentWriter = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #90a682260308e1eb Filesystem access.
pkgs/npm/[email protected]/lib/teamcity/index.js:19 
        const cw = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8b38c59d9b8cf283 Filesystem access.
pkgs/npm/[email protected]/lib/text-summary/index.js:18 
        const cw = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8d1ffa42fb098934 Filesystem access.
pkgs/npm/[email protected]/lib/text/index.js:241 
        this.cw = context.writer.writeFile(this.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jest-cli

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #46ddb1fc1834cfbc Environment-variable access.
pkgs/npm/[email protected]/bin/jest.js:12 
  if (process.env.NODE_ENV == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ffcd138760fb8280 Environment-variable access.
pkgs/npm/[email protected]/bin/jest.js:13 
    process.env.NODE_ENV = 'test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jest-junit

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #afb338b03807d931 Filesystem access.
pkgs/npm/[email protected]/index.js:5 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #afb338b03807d931 Filesystem access.
pkgs/npm/[email protected]/index.js:5 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #731cb95674ad6f90 Filesystem access.
pkgs/npm/[email protected]/index.js:38 
  fs.writeFileSync(outputPath, xml(jsonResults, { indent: '  ', declaration: true }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #13ddb4369d6f18a8 Filesystem access.
pkgs/npm/[email protected]/utils/buildJsonResults.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #13ddb4369d6f18a8 Filesystem access.
pkgs/npm/[email protected]/utils/buildJsonResults.js:6 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d2e4dca3d14d8119 Filesystem access.
pkgs/npm/[email protected]/utils/getOptions.js:4 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d2e4dca3d14d8119 Filesystem access.
pkgs/npm/[email protected]/utils/getOptions.js:4 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5be2973007fee11f Environment-variable access.
pkgs/npm/[email protected]/utils/getOptions.js:22 
    if (process.env[name]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #05c68f0760b7311f Environment-variable access.
pkgs/npm/[email protected]/utils/getOptions.js:23 
      options[constants.ENVIRONMENT_CONFIG_MAP[name]] = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jest-silent-reporter

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #92826a87054f15cd Environment-variable access.
pkgs/npm/[email protected]/SilentReporter.js:9 
    this.useDots = !!process.env.JEST_SILENT_REPORTER_DOTS || !!options.useDots;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4bcef0c30ee40fbc Environment-variable access.
pkgs/npm/[email protected]/SilentReporter.js:11 
      !!process.env.JEST_SILENT_REPORTER_SHOW_PATHS || !!options.showPaths;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4457885ed114da57 Environment-variable access.
pkgs/npm/[email protected]/SilentReporter.js:13 
      !!process.env.JEST_SILENT_REPORTER_SHOW_WARNINGS ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

js-yaml

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #00d746ec764fa586 Filesystem access.
pkgs/npm/[email protected]/bin/js-yaml.mjs:7 
const pkg = JSON.parse(readFileSync(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0426ff8b08a0b9b7 Filesystem access.
pkgs/npm/[email protected]/bin/js-yaml.mjs:60 
  input = readFileSync(options.file === '-' ? 0 : options.file, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mock-fs

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #9cd2bf2d30c00ae5 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9cd2bf2d30c00ae5 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #874a129ade09bf59 Filesystem access.
pkgs/npm/[email protected]/lib/loader.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #874a129ade09bf59 Filesystem access.
pkgs/npm/[email protected]/lib/loader.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b3fb6ab4da488b56 Filesystem access.
pkgs/npm/[email protected]/lib/loader.js:32 
    const content = !lazy ? fs.readFileSync(target) : '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #797db4a14c63abb9 Filesystem access.
pkgs/npm/[email protected]/lib/loader.js:38 
          const res = bypass(() => fs.readFileSync(target));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4aa970ea111fa1ab Filesystem access.
pkgs/npm/[email protected]/lib/readfilecontext.js:10 
  const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4aa970ea111fa1ab Filesystem access.
pkgs/npm/[email protected]/lib/readfilecontext.js:10 
  const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #c19f8818e1a13cb5 Filesystem access.
pkgs/npm/[email protected]/lib/readfilecontext.js:21 
  fs.readFile('/ignored.txt', () => {});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-notifier

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #385af715fbb80dc5 Filesystem access.
pkgs/npm/[email protected]/lib/utils.js:8 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #385af715fbb80dc5 Filesystem access.
pkgs/npm/[email protected]/lib/utils.js:8 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4775d584b1c8c343 Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:53 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4775d584b1c8c343 Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:53 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ecb4a9e372b47ad2 Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:70 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ecb4a9e372b47ad2 Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:70 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #df4313b280fc0d64 Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:83 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #df4313b280fc0d64 Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:83 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a4e2589213b3682f Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:102 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a4e2589213b3682f Environment-variable access.
pkgs/npm/[email protected]/lib/utils.js:102 
  if (process.env.DEBUG && process.env.DEBUG.indexOf('notifier') !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #11a28411fea1ddd8 Filesystem access.
pkgs/npm/[email protected]/lib/utils.js:194 
      options.icon = fs.readFileSync(options.icon);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
expand_more 57 low-confidence finding(s)
low env_fs dependency Excluded from app score #4336924e09a04743 Environment-variable access.
pkgs/npm/[email protected]/bin/prettier.cjs:66 
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #46b113ccdd7f1d58 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:10 
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d3d17e3568a4955a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:15 
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8465c68203e6076c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:371 
  return dist_default.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d96827d043cf8e9f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:516 
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fc700876738da800 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:526 
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #3da7764c84549c4d Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:878 
    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #1542c00f831fc73e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1878 
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0cc88ec282137c9b Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1955 
          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ac7e9bdeff61d235 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1961 
          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9f14e3285057b967 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:54 
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8139a626d52c1d0f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:96 
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b796bd635bba6d6c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:107 
      const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6425b113c93c48f8 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:116 
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fa5670e74c363056 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:612 
import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0dc3d77231ddf987 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:627 
              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #2c0500dcb647d2c4 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:633 
              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5324530c676ed63e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2515 
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #71936489b6468ad7 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2525 
    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #873c7664091ae431 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2743 
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #c9d939d4fb0c88b0 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:3607 
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #dc2f0e9bc94f5c62 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:4855 
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d870eace074f8aac Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5794 
import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4d6dce0912a9affe Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5820 
          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #386b3a29291e43b5 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5835 
          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fc2a0885c297087a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5850 
          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #01a07461b4408954 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6238 
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0bf0c0c5bd47bb85 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6252 
        return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #506243b904e3167a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6582 
import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #963897db57afd2e1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6594 
      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #81a588c1b0d75b34 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10466 
import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #27f034f959eaf356 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10488 
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7519a9519cfc7a55 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10493 
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #dad25b75a438fccd Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10499 
        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #47f623e056b9731c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10515 
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f7c49ecea1aeebe4 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10521 
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #c9cf44809a65dc49 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11366 
import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7a694b7cb3110e22 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11559 
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #cf76d771e8acbb68 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11567 
  return dist_default36.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b04c9e92fb7db2d7 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12330 
import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f2e4537bc0599653 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12395 
  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fa4d9b4d13899bc0 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12400 
  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #fd556aa598013d65 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1233 
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #2055555538d00eec Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1554 
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #e0c921a389cb381d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1778 
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7add95be47533c24 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1786 
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7e21c1d6d8278d94 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1794 
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #53a68d1751f86ea5 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1888 
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #047f92b0d1ed498d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1906 
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a4da21081620de2f Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1910 
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0f101f08f45ab810 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1914 
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4c59500e86e18694 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4302 
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #07a6534bb6644009 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4506 
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #90db0f56cd6dbaed Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4894 
        const buffer = fs6.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #695473115d550e82 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5188 
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b6d2959dc7cab07d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5449 
  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #2263fe3bff3662bd Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5805 
      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

promise

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #b98b4c57137e595d Filesystem access.
pkgs/npm/[email protected]/build.js:3 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b98b4c57137e595d Filesystem access.
pkgs/npm/[email protected]/build.js:3 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6546b20b406aa7a2 Filesystem access.
pkgs/npm/[email protected]/build.js:11 
  shasum.update(fs.readFileSync(__dirname + '/src/' + filename, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6ce787b131dfd350 Filesystem access.
pkgs/npm/[email protected]/build.js:44 
  var src = fs.readFileSync(__dirname + '/src/' + filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0432c55ab7ebbfb0 Filesystem access.
pkgs/npm/[email protected]/build.js:46 
  fs.writeFileSync(__dirname + '/lib/' + filename, out);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #08e84197fe934c04 Filesystem access.
pkgs/npm/[email protected]/build.js:52 
  var src = fs.readFileSync(__dirname + '/src/' + filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8da9c78528c0ec1a Filesystem access.
pkgs/npm/[email protected]/build.js:55 
  fs.writeFileSync(__dirname + '/domains/' + filename, out);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7ce06402e32cf133 Filesystem access.
pkgs/npm/[email protected]/build.js:61 
  var src = fs.readFileSync(__dirname + '/src/' + filename, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6ad26654cc455f33 Filesystem access.
pkgs/npm/[email protected]/build.js:65 
  fs.writeFileSync(__dirname + '/setimmediate/' + filename, out);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

read-pkg

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #4d1a2b4fdb27fd25 Filesystem access.
pkgs/npm/[email protected]/index.js:23 
	const packageFile = await fsPromises.readFile(getPackagePath(cwd), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4f4a98d031fe7afe Filesystem access.
pkgs/npm/[email protected]/index.js:28 
	const packageFile = fs.readFileSync(getPackagePath(cwd), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

resolve

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #f8caea12de6d7a6b Filesystem access.
pkgs/npm/[email protected]/lib/async.js:1 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f8caea12de6d7a6b Filesystem access.
pkgs/npm/[email protected]/lib/async.js:1 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f16c1afd0ca3d024 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:8 
    var home = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9e3f4b81b1f59820 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:9 
    var user = process.env.LOGNAME || process.env.USER || process.env.LNAME || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9e3f4b81b1f59820 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:9 
    var user = process.env.LOGNAME || process.env.USER || process.env.LNAME || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9e3f4b81b1f59820 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:9 
    var user = process.env.LOGNAME || process.env.USER || process.env.LNAME || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9e3f4b81b1f59820 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:9 
    var user = process.env.LOGNAME || process.env.USER || process.env.LNAME || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #bb692b32d937708d Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:12 
        return process.env.USERPROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #99ee6b06b46e21cd Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:14 
                process.env.HOMEDRIVE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #248a24e8e09aeca1 Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:15 
                && process.env.HOMEPATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #faf4ad8fc7d9d18d Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:16 
                && (process.env.HOMEDRIVE + process.env.HOMEPATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #faf4ad8fc7d9d18d Environment-variable access.
pkgs/npm/[email protected]/lib/homedir.js:16 
                && (process.env.HOMEDRIVE + process.env.HOMEPATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9bec9f3a9ac7f1bb Filesystem access.
pkgs/npm/[email protected]/lib/sync.js:2 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9bec9f3a9ac7f1bb Filesystem access.
pkgs/npm/[email protected]/lib/sync.js:2 
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #8c0c99b887baa6c2 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:6 
  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #df1d820fafe2f2cc Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:7 
  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tempy

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #f2b4c03991dceaee Filesystem access.
pkgs/npm/[email protected]/index.js:112 
	fs.writeFileSync(filename, fileContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ts-node

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #dd96c4a04c3a13e3 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #dd96c4a04c3a13e3 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #22bf79964488d8aa Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:39 
const {
  realpathSync,
  statSync,
  Stats,
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d080ea55f5f4b8a1 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:43 
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4e2c7fd686c1c5c7 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4e2c7fd686c1c5c7 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6b32d51fd7b75d87 Filesystem access.
pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:13 
    string = fs.readFileSync(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #97a6a850505fcb1d Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:48 
  const envArgv = ParseNodeOptionsEnvVar(process.env.NODE_OPTIONS || '', errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #489ba6fe4d691f9c Environment-variable access.
pkgs/npm/[email protected]/dist-raw/node-options.js:99 
  if(process.env.NODE_PENDING_DEPRECATION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #2b825fd1b63c2e8a Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51 
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #eccbb3fac872ab0a Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309 
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #29513503554f8582 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535 
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #8be7cd61ea27054b Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548 
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a3aa63d9522c43ba Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565 
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #2e247ae836f336b5 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566 
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #872b81a5c9207cf4 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569 
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #872b81a5c9207cf4 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569 
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #872b81a5c9207cf4 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569 
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #872b81a5c9207cf4 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569 
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #872b81a5c9207cf4 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569 
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a2ab5459cfbd7676 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44 
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #765570c662e03190 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88 
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #bb674bee5da4e6ec Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42 
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

webpack

npm dependency
expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #a231a2cea2d54a2f Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:901 
							(this.outputFileSystem).writeFile(targetPath, content, (err) => {
								if (err) return callback(err);

								// information marker that the asset has been emitted
								compilation.emittedAssets.add(file);

								// cache the information that the Source has been written to that location
								const newGeneration =
									targetFileGeneration === undefined
										? 1
										: targetFileGeneration + 1;
								/** @type {CacheEntry} */
								(cacheEntry).writtenTo.set(targetPath, newGeneration);
								this._assetEmittingWrittenFiles.set(targetPath, newGeneration);
								this.hooks.assetEmitted.callAsync(
									file,
									{
										content,
										source,
										outputPath,
										compilation,
										targetPath
									},
									callback
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4109f1c0d6ab1961 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:996 
								return /** @type {OutputFileSystem} */ (
									this.outputFileSystem
								).readFile(targetPath, (err, existingContent) => {
									if (
										err ||
										!content.equals(/** @type {Buffer} */ (existingContent))
									) {
										return doWrite(content);
									}
									return alreadyWritten();
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4bf78220ecffe484 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1141 
			(this.outputFileSystem).writeFile(
				/** @type {string} */ (this.recordsOutputPath),
				JSON.stringify(
					this.records,
					(n, value) => {
						if (
							typeof value === "object" &&
							value !== null &&
							!Array.isArray(value)
						) {
							const keys = Object.keys(value);
							if (!isSorted(keys)) {
								return sortObject(value, keys);
							}
						}
						return value;
					},
					2
				),
				callback
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7ca88557e4de2e34 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1227 
			(this.inputFileSystem).readFile(
				/** @type {string} */
				(this.recordsInputPath),
				(err, content) => {
					if (err) return callback(err);

					try {
						this.records =
							/** @type {Records} */
							(parseJson(/** @type {Buffer} */ (content).toString("utf8")));
					} catch (parseErr) {
						return callback(
							new Error(
								`Cannot parse records: ${
									/** @type {Error} */ (parseErr).message
								}`
							)
						);
					}

					return callback(null);
				}
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #30ac247957caa3ec Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:447 
					process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #431b9ee5c070550c Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:448 
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d17ac93a351248b5 Filesystem access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:465 
			fs.readFile(file, (err, content) => {
				if (err) reject(err);
				else resolve(/** @type {Buffer} */ (content).toString() || "");
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f2c65f9c6768b7fd Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:50 
					process.env[key] !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #808ba704d387fe9a Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:51 
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b1b65dcae892a904 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2209 
								this.fs.readFile(path, (err, content) => {
									if (err) return callback(err);
									try {
										const context = dirname(this.fs, path);
										const source = /** @type {Buffer} */ (content).toString();
										const [imports] = lexer.parse(source);
										/** @type {Set<string>} */
										const added = new Set();
										for (const imp of imports) {
											try {
												// import.meta
												if (imp.d === -2) {
													continue;
												}

												/** @type {string | null} */
												const dependency =
													imp.n ||
													parseString(source.slice(imp.s, imp.e).trim());

												if (!dependency) {
													continue;
												}

												// We should not track Node.js build dependencies
												if (dependency.startsWith("node:")) continue;
												if (builtinModules.has(dependency)) continue;
												// Avoid extra jobs for identical imports
												if (added.has(dependency)) continue;

												push({
													type: RBDT_RESOLVE_ESM_FILE,
													context,
													path: dependency,
													expected: imp.d > -1 ? false : undefined,
													issuer: job
												});
												added.add(dependency);
											} catch (err1) {
												logger.warn(
													`Parsing of ${path} for build dependencies failed at 'import(${source.slice(
														imp.s,
														imp.e
													)})'.\n` +
														"Build dependencies behind this expression are ignored and might cause incorrect cache invalidation."
												);
												logger.debug(pathToString(job));
												logger.debug(/** @type {Error} */ (err1).stack);
											}
										}
									} catch (err2) {
										logger.warn(
											`Parsing of ${path} for build dependencies failed and all dependencies of this file are ignored, which might cause incorrect cache invalidation..`
										);
										logger.debug(pathToString(job));
										logger.debug(/** @type {Error} */ (err2).stack);
									}
									process.nextTick(callback);
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #3a11c74eb1636729 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2284 
						this.fs.readFile(packageJson, (err, content) => {
							if (err) {
								if (err.code === "ENOENT") {
									resolveMissing.add(packageJson);
									const parent = dirname(this.fs, packagePath);
									if (parent !== packagePath) {
										push({
											type: RBDT_DIRECTORY_DEPENDENCIES,
											context: undefined,
											path: parent,
											expected: undefined,
											issuer: job
										});
									}
									callback();
									return;
								}
								return callback(err);
							}
							resolveFiles.add(packageJson);
							/** @type {JsonObject} */
							let packageData;
							try {
								packageData = JSON.parse(
									/** @type {Buffer} */
									(content).toString("utf8")
								);
							} catch (parseErr) {
								return callback(/** @type {Error} */ (parseErr));
							}
							const depsObject = packageData.dependencies;
							const optionalDepsObject = packageData.optionalDependencies;
							/** @type {Set<string>} */
							const allDeps = new Set();
							/** @type {Set<string>} */
							const optionalDeps = new Set();
							if (typeof depsObject === "object" && depsObject) {
								for (const dep of Object.keys(depsObject)) {
									allDeps.add(dep);
								}
							}
							if (
								typeof optionalDepsObject === "object" &&
								optionalDepsObject
							) {
								for (const dep of Object.keys(optionalDepsObject)) {
									allDeps.add(dep);
									optionalDeps.add(dep);
								}
							}
							for (const dep of allDeps) {
								push({
									type: RBDT_RESOLVE_DIRECTORY,
									context: packagePath,
									path: dep,
									expected: !optionalDeps.has(dep),
									issuer: job
								});
							}
							callback();
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7bf2e8092a785263 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:3676 
		this.fs.readFile(path, (err, content) => {
			if (err) {
				if (err.code === "EISDIR") {
					this._fileHashes.set(path, "directory");
					return callback(null, "directory");
				}
				if (err.code === "ENOENT") {
					this._fileHashes.set(path, null);
					return callback(null, null);
				}
				if (err.code === "ERR_FS_FILE_TOO_LARGE") {
					/** @type {Logger} */
					(this.logger).warn(`Ignoring ${path} for hashing as it's very large`);
					this._fileHashes.set(path, "too large");
					return callback(null, "too large");
				}
				return callback(/** @type {WebpackError} */ (err));
			}

			const hash = createHash(this._hashFunction);

			hash.update(/** @type {string | Buffer} */ (content));

			const digest = hash.digest("hex");

			this._fileHashes.set(path, digest);

			callback(null, digest);
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #994c9dc0a19923aa Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:4419 
			this.fs.readFile(packageJsonPath, (err, content) => {
				if (err) {
					if (err.code === "ENOENT" || err.code === "ENOTDIR") {
						// no package.json or path is not a directory
						this.fs.readdir(path, (err, elements) => {
							if (
								!err &&
								/** @type {string[]} */ (elements).length === 1 &&
								/** @type {string[]} */ (elements)[0] === "node_modules"
							) {
								// This is only a grouping folder e.g. used by yarn
								// we are only interested in existence of this special directory
								this._managedItems.set(path, "*nested");
								return callback(null, "*nested");
							}
							/** @type {Logger} */
							(this.logger).warn(
								`Managed item ${path} isn't a directory or doesn't contain a package.json (see snapshot.managedPaths option)`
							);
							return callback();
						});
						return;
					}
					return callback(/** @type {WebpackError} */ (err));
				}
				/** @type {JsonObject} */
				let data;
				try {
					data = JSON.parse(/** @type {Buffer} */ (content).toString("utf8"));
				} catch (parseErr) {
					return callback(/** @type {WebpackError} */ (parseErr));
				}
				if (!data.name) {
					/** @type {Logger} */
					(this.logger).warn(
						`${packageJsonPath} doesn't contain a "name" property (see snapshot.managedPaths option)`
					);
					return callback();
				}
				const info = `${data.name || ""}@${data.version || ""}`;
				this._managedItems.set(path, info);
				callback(null, info);
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a907a1a021f4821c Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:8 
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #a907a1a021f4821c Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:8 
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #3a5c8808166a7820 Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:1477 
			const packageInfo = JSON.parse(fs.readFileSync(pkgPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6ea63c5f57648bad Environment-variable access.
pkgs/npm/[email protected]/lib/config/defaults.js:2450 
		(infrastructureLogging.stream).isTTY && process.env.TERM !== "dumb";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9c519e114001d30d Filesystem access.
pkgs/npm/[email protected]/lib/dll/DllReferencePlugin.js:73 
					(compiler.inputFileSystem).readFile(manifest, (err, result) => {
						if (err) return callback(err);
						/** @type {CompilationDataItem} */
						const data = {
							path: manifest,
							data: undefined,
							error: undefined
						};
						// Catch errors parsing the manifest so that blank
						// or malformed manifest files don't kill the process.
						try {
							data.data =
								/** @type {DllReferencePluginOptionsManifest} */
								(
									/** @type {unknown} */
									(parseJson(/** @type {Buffer} */ (result).toString("utf8")))
								);
						} catch (parseErr) {
							// Store the error in the params so that it can
							// be added as a compilation error later on.
							const manifestPath = makePathsRelative(
								compiler.context,
								manifest,
								compiler.root
							);
							data.error = new DllManifestError(
								manifestPath,
								/** @type {Error} */ (parseErr).message
							);
						}
						compilationData.set(params, data);
						return callback();
					});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #340a7683c613b445 Filesystem access.
pkgs/npm/[email protected]/lib/dll/LibManifestPlugin.js:137 
								intermediateFileSystem.writeFile(targetPath, buffer, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #c2cc8c59dbb2a610 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:63 
				fs.readFile(this.options.path, (err, buffer) => {
					if (err) {
						if (err.code !== "ENOENT") {
							return callback(err);
						}
						return callback();
					}
					/** @type {JSONContent} */
					const json = JSON.parse(/** @type {Buffer} */ (buffer).toString());
					/** @type {Map<string, string | number | null>} */
					data = new Map();
					for (const key of Object.keys(json)) {
						data.set(key, json[key]);
					}
					dataChanged = false;
					return callback();
				});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4cf8732a5bfe8d96 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:94 
				fs.writeFile(this.options.path, JSON.stringify(json), callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #cf4d53d77850e507 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/FileUriPlugin.js:43 
						loaderContext.fs.readFile(resourcePath, (err, result) => {
							if (err) return callback(err);
							loaderContext.addDependency(resourcePath);
							callback(null, result);
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5593d23d47ad6f5e Environment-variable access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:496 
			this.options.proxy || process.env.http_proxy || process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5593d23d47ad6f5e Environment-variable access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:496 
			this.options.proxy || process.env.http_proxy || process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #75cb43695fd2e550 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:589 
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									compilation.missingDependencies.add(lockfileLocation);
									return callback(err);
								}
								compilation.fileDependencies.add(lockfileLocation);
								compilation.fileSystemInfo.createSnapshot(
									compiler.fsStartTime,
									buffer ? [lockfileLocation] : [],
									[],
									buffer ? [] : [lockfileLocation],
									{ timestamp: true },
									(err, s) => {
										if (err) return callback(err);
										const lockfile = buffer
											? Lockfile.parse(buffer.toString("utf8"))
											: new Lockfile();
										lockfileCache = {
											lockfile,
											snapshot: /** @type {Snapshot} */ (s)
										};
										callback(null, lockfile);
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7c92bf59a1c666de Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:693 
							intermediateFs.writeFile(filePath, result.content, (err) => {
								if (err) return callback(err);
								callback(null, result);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #6e7f1f0a412cfa12 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1202 
									fs.readFile(filePath, (err, result) => {
										if (err) {
											if (err.code === "ENOENT") return doFetch();
											return callback(err);
										}
										const content = /** @type {Buffer} */ (result);
										/**
										 * Continue with cached content.
										 * @param {Buffer | undefined} _result result
										 * @returns {void}
										 */
										const continueWithCachedContent = (_result) => {
											if (!upgrade) {
												// When not in upgrade mode, we accept the result from the lockfile cache
												return callback(null, { entry, content });
											}
											return doFetch(content);
										};
										if (!verifyIntegrity(content, entry.integrity)) {
											/** @type {Buffer | undefined} */
											let contentWithChangedEol;
											let isEolChanged = false;
											try {
												contentWithChangedEol = Buffer.from(
													content.toString("utf8").replace(/\r\n/g, "\n")
												);
												isEolChanged = verifyIntegrity(
													contentWithChangedEol,
													entry.integrity
												);
											} catch (_err) {
												// ignore
											}
											if (isEolChanged) {
												if (!warnedAboutEol) {
													const explainer = `Incorrect end of line sequence was detected in the lockfile cache.
The lockfile cache is protected by integrity checks, so any external modification will lead to a corrupted lockfile cache.
When using git make sure to configure .gitattributes correctly for the lockfile cache:
  **/*webpack.lock.data/** -text
This will avoid that the end of line sequence is changed by git on Windows.`;
													if (frozen) {
														logger.error(explainer);
													} else {
														logger.warn(explainer);
														logger.info(
															"Lockfile cache will be automatically fixed now, but when lockfile is frozen this would result in an error."
														);
													}
													warnedAboutEol = true;
												}
												if (!frozen) {
													// "fix" the end of line sequence of the lockfile content
													logger.log(
														`${filePath} fixed end of line sequence (\\r\\n instead of \\n).`
													);
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);
													return;
												}
											}
											if (frozen) {
												return callback(
													new Error(
														`${
															entry.resolved
														} integrity mismatch, expected content with integrity ${
															entry.integrity
														} but got ${computeIntegrity(content)}.
Lockfile corrupted (${
															isEolChanged
																? "end of line sequence was unexpectedly changed"
																: "incorrectly merged? changed by other tools?"
														}).
Run build with un-frozen lockfile to automatically fix lockfile.`
													)
												);
											}
											// "fix" the lockfile entry to the correct integrity
											// the content has priority over the integrity value
											entry = {
												...entry,
												integrity: computeIntegrity(content)
											};
											storeLockEntry(lockfile, url, entry);
										}
										continueWithCachedContent(result);
									});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #456bfb9afe912aa0 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1257 
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0ecc9e26841b14a8 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1410 
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									writeDone();
									return callback(err);
								}
								const lockfile = buffer
									? Lockfile.parse(buffer.toString("utf8"))
									: new Lockfile();
								for (const [key, value] of /** @type {LockfileUpdates} */ (
									lockfileUpdates
								)) {
									lockfile.entries.set(key, value);
								}
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #5dd0aa3942597d61 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1423 
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d656fe70833f2b3e Filesystem access.
pkgs/npm/[email protected]/lib/util/fs.js:681 
	fs.readFile(p, (err, buf) => {
		if (err) return callback(err);
		/** @type {JsonObject} */
		let data;
		try {
			data = JSON.parse(/** @type {Buffer} */ (buf).toString("utf8"));
		} catch (err1) {
			return callback(/** @type {Error} */ (err1));
		}
		return callback(null, data);
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

webpack-node-externals

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #4c4a33de3f63933f Filesystem access.
pkgs/npm/[email protected]/utils.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #4c4a33de3f63933f Filesystem access.
pkgs/npm/[email protected]/utils.js:1 
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #978ba54af5ddae8b Filesystem access.
pkgs/npm/[email protected]/utils.js:52 
        const packageJsonString = fs.readFileSync(
            path.resolve(process.cwd(), fileName),
            'utf8'
        );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • ansi-escapes prod — scan budget exceeded
  • ci-info prod — scan budget exceeded
  • exit-x prod — scan budget exceeded
  • fast-json-stable-stringify prod — scan budget exceeded
  • jest-config prod — scan budget exceeded
  • jest-haste-map prod — scan budget exceeded
  • jest-regex-util prod — scan budget exceeded
  • jest-resolve prod — scan budget exceeded
  • jest-resolve-dependencies prod — scan budget exceeded
  • jest-runner prod — scan budget exceeded
  • jest-runtime prod — scan budget exceeded
  • jest-validate prod — scan budget exceeded
  • jest-watcher prod — scan budget exceeded
  • picomatch prod — scan budget exceeded
  • babel-plugin-jest-hoist prod — scan budget exceeded
  • babel-preset-current-node-syntax prod — scan budget exceeded
  • @jest/diff-sequences prod — scan budget exceeded
  • @jest/environment prod — scan budget exceeded
  • @jest/fake-timers prod — scan budget exceeded
  • @ungap/structured-clone prod — scan budget exceeded
  • merge-stream prod — scan budget exceeded
  • supports-color prod — scan budget exceeded
  • yargs prod — scan budget exceeded
  • deepmerge prod — scan budget exceeded
  • jest-circus prod — scan budget exceeded
  • jest-docblock prod — scan budget exceeded
  • jest-environment-node prod — scan budget exceeded
  • parse-json prod — scan budget exceeded
  • @babel/generator prod — scan budget exceeded
  • @babel/plugin-syntax-jsx prod — scan budget exceeded
  • @babel/plugin-syntax-typescript prod — scan budget exceeded
  • @babel/types prod — scan budget exceeded
  • @jest/expect-utils prod — scan budget exceeded
  • @jest/snapshot-utils prod — scan budget exceeded
  • expect prod — scan budget exceeded
  • jest-diff prod — scan budget exceeded
  • jest-matcher-utils prod — scan budget exceeded
  • synckit prod — scan budget exceeded
  • anymatch prod — scan budget exceeded
  • fb-watchman prod — scan budget exceeded
  • fdir prod — scan budget exceeded
  • jest-worker prod — scan budget exceeded
  • @jest/expect prod — scan budget exceeded
  • co prod — scan budget exceeded
  • is-generator-fn prod — scan budget exceeded
  • jest-each prod — scan budget exceeded
  • pure-rand prod — scan budget exceeded
  • stack-utils prod — scan budget exceeded
  • @bcoe/v8-coverage prod — scan budget exceeded
  • collect-v8-coverage prod — scan budget exceeded
  • istanbul-lib-instrument prod — scan budget exceeded
  • istanbul-lib-source-maps prod — scan budget exceeded
  • string-length prod — scan budget exceeded
  • v8-to-istanbul prod — scan budget exceeded
  • @jest/source-map prod — scan budget exceeded
  • @sinclair/typebox prod — scan budget exceeded
  • unrs-resolver prod — scan budget exceeded
  • natural-compare prod — scan budget exceeded
  • @jest/schemas prod — scan budget exceeded
  • babel-plugin-istanbul prod — scan budget exceeded
  • babel-preset-jest prod — scan budget exceeded
  • @babel/code-frame prod — scan budget exceeded
  • react-is-18 prod — scan budget exceeded

Development

  • @eslint/markdown dev — dist-only: no readable source
  • @jest/test-utils dev — no javascript source
  • @lerna-lite/cli dev — dist-only: no readable source
  • @lerna-lite/exec dev — dist-only: no readable source
  • @lerna-lite/publish dev — dist-only: no readable source
  • @tsconfig/node18 dev — no javascript source
  • find-process dev — dist-only: no readable source
  • glob dev — dist-only: no readable source
  • rimraf dev — dist-only: no readable source
  • tstyche dev — dist-only: no readable source
  • typescript-eslint dev — dist-only: no readable source
  • @jest/test-sequencer dev — scan budget exceeded
  • @types/micromatch dev — scan budget exceeded
  • @types/picomatch dev — scan budget exceeded
  • lodash dev — scan budget exceeded
  • micromatch dev — scan budget exceeded
  • @types/jsdom dev — scan budget exceeded
  • jsdom dev — scan budget exceeded
  • @types/merge-stream dev — scan budget exceeded
  • @types/supports-color dev — scan budget exceeded
  • @types/ungap__structured-clone dev — scan budget exceeded
  • get-stream dev — scan budget exceeded
  • jest-leak-detector dev — scan budget exceeded
  • worker-farm dev — scan budget exceeded
  • @types/yargs dev — scan budget exceeded
  • @types/parse-json dev — scan budget exceeded
  • esbuild dev — scan budget exceeded
  • esbuild-register dev — scan budget exceeded
  • @babel/preset-flow dev — scan budget exceeded
  • @types/prettier-v2 dev — scan budget exceeded
  • @types/semver dev — scan budget exceeded
  • prettier-v2 dev — scan budget exceeded
  • @types/fb-watchman dev — scan budget exceeded
  • @fast-check/jest dev — scan budget exceeded
  • benchmark dev — scan budget exceeded
  • diff dev — scan budget exceeded
  • @babel-8/core dev — scan budget exceeded
  • @babel-8/preset-react dev — scan budget exceeded
  • @babel-8/preset-typescript dev — scan budget exceeded
  • @prettier/sync dev — scan budget exceeded
  • @types/babel__traverse dev — scan budget exceeded
  • babel-plugin-tester dev — scan budget exceeded
  • @types/co dev — scan budget exceeded
  • @types/stack-utils dev — scan budget exceeded
  • @types/istanbul-lib-coverage dev — scan budget exceeded
  • @types/istanbul-lib-instrument dev — scan budget exceeded
  • @types/istanbul-lib-report dev — scan budget exceeded
  • @types/istanbul-lib-source-maps dev — scan budget exceeded
  • @types/istanbul-reports dev — scan budget exceeded
  • @types/node-notifier dev — scan budget exceeded
  • immutable dev — scan budget exceeded
  • url dev — scan budget exceeded
  • @types/natural-compare dev — scan budget exceeded
  • @types/babel__code-frame dev — scan budget exceeded