Close Open Privacy Scan

bolt Snapshot: commit 5dc9490
science engine v1.14
schedule 2026-07-17T04:28:54.175932+00:00

verified_user Possible application data leak

Potential data exfiltration identified in application code.

smart_toy AI deps detected: litellm, openai — detected in dependencies, not a safety judgment.

App Privacy Score

42 /100
High privacy risk — possible application leak

High risk · 3950 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

telemetry −25
egress −15
pii_flow −15
env_fs −3

list Scan Summary

1 high 260 medium 3689 low
First-party packages: 1
Dependency packages: 81
Ecosystem: python

swap_horiz Potential data exfiltration in application code

External domains: 0x10c.com10.10.11.24910.96.32.8::ffff:192.168.0.1actions.zapier.comagda.readthedocs.ioaggregate.ee.engr.uky.eduaheui.github.ioai-gateway.helicone.aiai-gateway.vercel.shai-guard.aws.us.pangea.cloudai-guard.onyx.securityai.api.nvidia.comai.azure.comai.google.devaider.chataiplatform.googleapis.comalloy.mit.eduampl.comangular.ioapi-dashboard.search.brave.comapi-dev.javelin.liveapi-docs.deepseek.comapi-inference.huggingface.coapi.agentops.aiapi.ai21.comapi.aim.securityapi.aimlapi.comapi.aleph-alpha.comapi.anthropic.comapi.assemblyai.comapi.bfl.aiapi.bitbucket.orgapi.braintrustdata.comapi.bytez.comapi.cerebras.aiapi.clarifai.comapi.cloudflare.comapi.cloudzero.comapi.cohere.aiapi.cohere.comapi.cometapi.comapi.compactif.aiapi.confident-ai.comapi.cursor.comapi.dataforseo.comapi.deepgram.comapi.deepinfra.comapi.deepseek.comapi.dev.runwayml.comapi.duckduckgo.comapi.dynamo.aiapi.elevenlabs.ioapi.endpoints.anyscale.comapi.endpoints.huggingface.cloudapi.enkryptai.comapi.eu.assemblyai.comapi.exa.aiapi.featherless.aiapi.firecrawl.devapi.fireworks.aiapi.friendli.aiapi.galadriel.comapi.github.comapi.githubcopilot.comapi.grayswan.aiapi.groq.comapi.hconeai.comapi.hiddenlayer.aiapi.honeycomb.ioapi.humanloop.comapi.hyperbolic.xyzapi.inference.wandb.aiapi.jina.aiapi.lakera.aiapi.lambda.aiapi.linkup.soapi.litellm.aiapi.llama.comapi.manus.imapi.minimax.ioapi.minimaxi.comapi.mistral.aiapi.mixpanel.comapi.mock.comapi.moonshot.aiapi.morphllm.comapi.nlpcloud.ioapi.noma.securityapi.nova.amazon.comapi.novita.aiapi.nuget.orgapi.openai.comapi.openai.com-12api.parallel.aiapi.perplexity.aiapi.pillar.securityapi.poe.comapi.promptlayer.comapi.publicai.coapi.qualifire.aiapi.replicate.comapi.resend.comapi.sambanova.aiapi.scaleway.aiapi.search.brave.comapi.sendgrid.comapi.slack.comapi.smith.langchain.comapi.stability.aiapi.stima.techapi.studio.nebius.aiapi.synthetic.newapi.tavily.comapi.telegram.orgapi.together.xyzapi.topazlabs.comapi.us1.bfl.aiapi.us1.zseclipse.netapi.v0.devapi.vantage.shapi.voyageai.comapi.wavespeed.aiapi.x.aiapi.z.aiapp.assembla.comapp.datarobot.comapp.empower.devapp.phoenix.arize.comapp.posthog.comarchive.orgarduino.ccark.cn-beijing.volces.comarstechnica.comartificialanalysis.aiarturo-lang.ioarxiv.orgasymptote.sf.netatom.ioattribution.omnilib.devaugeas.netauth.hiddenlayer.aiauth.openai.comaws.amazon.comawslabs.github.ioazure-us-east-1.openai.azure.combaremessages.orgbayes.cs.ucla.eduberry-lang.github.iobford.infobitbucket.orgbl.ocks.orgblackboxframework.orgblitzbasic.comblitzresearch.itch.ioblog.alifaraji.irblog.amjith.comblog.famzah.netblog.ganssle.ioblogs.ams.orgboa.cs.iastate.eduboogie-docs.readthedocs.iobooks.google.combootlin.combost.ocks.orgbrotlipy.readthedocs.iobugreports.qt.iobugs.python.orgbugs.winehq.orgbugzilla.gnome.orgbuild.nvidia.comcalendly.comcapnproto.orgcc65.github.iocdn.britannica.comcdn.jsdelivr.netcdn.mathjax.orgcdnjs.cloudflare.comcens.ioc.eeceylon-lang.orgcfengine.orgcffi.readthedocs.iochaiscript.comchapel-lang.orgchardet.feedparser.orgcharm.cs.illinois.educhat.maritaca.aichatgpt.comcircleci.comcirru.orgciteseer.ist.psu.educiteseerx.ist.psu.educjheath.github.ioclarifai.comclaylabs.comclean.cs.ru.nlclick.palletsprojects.comclojure.orgcloud.getliteral.aicloud.google.comcloud.ibm.comcloud.langfuse.comcloudfront.netcmake.orgcode.activestate.comcode.google.comcode.kx.comcodepoints.netcodestral.mistral.aicoffeescript.orgcognitiveservices.azure.comcole-maclean.github.iocommonmark.orgcommunity.openai.comcommunity.sap.comconemu.github.ioconsole.cloud.google.comconsole.groq.comconsoledonottrack.comcookbook.openai.comcoq.inria.frcoqui.aicore.telegram.orgcourses.cs.ut.eecoveralls.iocplint.eucran.r-project.orgcrates.iocreativecommons.orgcrmsh.github.iocrypto.cs.mcgill.cacryptography.iocrystal-lang.orgcsound.comcucumber.iocython.orgd-uuwbxj1u4cnu.studio.us-west-2.sagemaker.awsd3js.orgdarcs.netdaringfireball.netdart.devdashscope-intl.aliyuncs.comdashscope.aliyuncs.comdata-apis.orgdata.iana.orgdatasets-server.huggingface.codatatracker.ietf.orgdbpubs.stanford.edudeepeval.confident-ai.comdeepinfra.comdev.w3.orgdevblogs.microsoft.comdevcenter.heroku.comdeveloper.algorand.orgdeveloper.android.comdeveloper.apple.comdeveloper.hashicorp.comdeveloper.mixpanel.comdeveloper.mozilla.orgdeveloper.nvidia.comdeveloper.pagerduty.comdeveloper.r-project.orgdevelopers.generativeai.googledevelopers.google.comdevelopers.openai.comdevelopers.sber.rudigitalassets.lib.berkeley.edudiscord.comdiscordpy.readthedocs.iodiscoveryengine.googleapis.comdiscuss.python.orgdl.acm.orgdlang.orgdmlc.github.iodnznrvs05pmza.cloudfront.netdoc.qt.iodoc.rust-lang.orgdocbook.sourceforge.netdocker.iodocs.aeternity.comdocs.ai21.comdocs.aiohttp.orgdocs.aleph-alpha.comdocs.anthropic.comdocs.api.nvidia.comdocs.astropy.orgdocs.aws.amazon.comdocs.bfl.aidocs.cloud.google.comdocs.codestral.comdocs.cohere.comdocs.databricks.comdocs.datadoghq.comdocs.dataforseo.comdocs.docker.comdocs.exa.aidocs.expo.devdocs.firecrawl.devdocs.fireworks.aidocs.github.comdocs.grayswan.aidocs.hyperbolic.xyzdocs.langchain.comdocs.linkup.sodocs.litellm.aidocs.microsoft.comdocs.mistral.aidocs.modular.comdocs.morphllm.comdocs.mql4.comdocs.nlpcloud.comdocs.nvidia.comdocs.oracle.comdocs.parallel.aidocs.paramiko.orgdocs.perplexity.aidocs.predibase.comdocs.pydantic.devdocs.pytest.orgdocs.python.orgdocs.rsdocs.sambanova.aidocs.scipy.orgdocs.searxng.orgdocs.sendgrid.comdocs.snowflake.comdocs.sourcemod.netdocs.tavily.comdocs.tigergraph.comdocs.together.aidocs.ton.orgdocs.twelvelabs.iodocs.typo3.orgdocs.vllm.aidocs.voyageai.comdocs.wandb.aidocs.waves.techdocs.x.aidocutils.sourceforge.iodoi.acm.orgdoi.orgdotnet.microsoft.comdownload.pytorch.orgduckduckgo.comduelengine.orgdx.doi.orgec-lang.orgeccc.hpi-web.deeclectic.ss.uci.eduefele.netelevenlabs.ioelixir-lang.orgelm-lang.orgen.m.wikipedia.orgen.wikipedia.orgendpoint.openai.azure.comendpoints.ai.cloud.ovh.netendpoints.huggingface.coepubs.siam.orgerrors.pydantic.deveu.api.confident-ai.comeu.assemblyai.comeu.deepeval.confident-ai.comeu.i.posthog.comeu.posthog.comevents.pagerduty.comexam_ple.comexample-resource.azure.openai.comexampleopenaiendpoint-production.up.railway.appexcalidraw.comextempore.moso.com.auexternal.api.recraft.aiezhillang.orgfacebook.github.iofacelessuser.github.iofactorcode.orgfal.aifal.runfastapi.tiangolo.comfb.mefeatherless.aifeedback.litellm.aifennel-lang.orgfilesystem-spec.readthedocs.iofirefox-source-docs.mozilla.orgfishshell.comfocus.finops.orgfonts.googleapis.comfoo.comforms.glefortran-lang.orgfoss.heptapod.netfr.wikipedia.orgfreefem.orgfrexx.defsharp.orgfsspec.github.iofuthark-lang.orggcc.gnu.orggenerativelanguage.googleapis.comgenshi.edgewall.orggephi.orggexf.netgigachat.devices.sberbank.rugist.github.comgit-lfs.github.comgit-scm.comgit.kernel.orggit.sr.htgithub.bloggithub.comgithub.github.comgitlab.comgitlab.freedesktop.orggitlab.gnome.orggizmojo.orggleam.rungnuplot.infogo.devgolo-lang.orggoo.glgoogle.comgoogle.github.iogoogle.serper.devgooseberrycreative.comgosu-lang.github.iogpuopen.comgr-prd-trial.aporia.comgraph.microsoft.comgraphics.pixar.comgraphics.stanford.edugraphml.graphdrawing.orggraphql.orggroovy-lang.orggroups.google.comgum.cohal.archives-ouvertes.frhaml.infohandlebarsjs.comharelang.orghaxe.orghdl.handle.nethelp.adobe.comhelp.gooddata.comhelp.openai.comhelp.ovhcloud.comhf.cohomepages.dcc.ufmg.brhpccsystems.comhrcak.srce.hrhtml.spec.whatwg.orghttp-intake.logshttpbin.orghttpd.apache.orghttpwg.orghub-ci.huggingface.cohuggingface.cohuggingface.github.iohumanloop.comhuntr.comhylang.orghypothesis.readthedocs.ioiam.cloud.ibm.comidp.comidris2.readthedocs.ioieeexplore.ieee.orgimageio.readthedocs.ioimg.shields.ioinference-docs.cerebras.aiinference.api.nscale.cominference.baseten.coinference.do-ai.runinference.generativeaiinference.generativeai.us-ashburn-1.oci.oraclecloud.cominference.readthedocs.ioinfinity.modal.michaelfeil.euinform-fiction.orginform7.comintegrate.api.nvidia.cominvisible-island.netioke.orgiolanguage.comiopscience.iop.orgipython.orgipywidgets.readthedocs.ioisabelle.in.tum.deisocpp.orgiuuk.mff.cuni.czj3-fortran.orgjanet-lang.orgjasmin.sourceforge.netjfbillingsley.comjgm.github.iojina.aijinja.palletsprojects.comjmespath.orgjmlr.csail.mit.edujohnmacfarlane.netjournals.aps.orgjournals.plos.orgjponnela.comjsoftware.comjson-ld.orgjson-schema.orgjson5.orgjsonnet.orgjulialang.orgjuttle.github.iojzgu0buei5.us-east-1.aws.endpoints.huggingface.cloudkeras.iokid-templating.orgkippura.orgkoka-lang.github.iokotlinlang.orgkrris-mh44uf7y-eastus2.cognitiveservices.azure.comlangtrace.aileanprover-community.github.iolearn.getgrav.orglearn.microsoft.comlesscss.orglibsdl.orglicense.litellm.ailighttpd.netlilypond.orglink.aps.orglink.springer.comlinux.die.netlinuxdevcenter.comlisp-lang.orglists.sourceforge.netlitellm-ci-cd-prod.services.ai.azure.comlitellm-listing.s3.amazonaws.comlitellm-production-7002.up.railway.applitellm.ailitellm.vercel.applitellm8397336933.openai.azure.comlitellm8397336933.services.ai.azure.comlivescript.netllama.developer.meta.comllm.chutes.aillvm.orglmstudio.ailocalhost.tiangolo.comlocation-aiplatform.googleapis.comlog.athina.ailogfire-api.pydantic.devlogin.microsoftonline.comlogtalk.orgluau-lang.orgmacaulay2.commail.python.orgmanpages.debian.orgmanual.cytoscape.orgmath.berkeley.edumath.mit.edumath.stackexchange.commath.wvu.edumathworld.wolfram.commatplotlib.orgmaxima.sourceforge.netmc-stan.orgmcmc-jags.sourceforge.iomedium.commesonbuild.commetacpan.orgmetadata.google.internalmicrosoft.github.iominecraft.wikiminiscript.orgmips.commlochbaum.github.iomodel-runner.docker.internalmodelcontextprotocol.iomodels.inference.ai.azure.commodels.litellm.aimoinmo.inmomentjs.commonitor.azure.commonte.readthedocs.iomoonscript.orgmsdn.microsoft.commy-endpoint.openai.azure.commy-idp.commy-resource.services.ai.azure.commy-text-to-image.region.vendor.endpoints.huggingface.cloudmypy.readthedocs.iomüller.denano-gpt.comnasm.usnats.iondjson.orgnedbatchelder.comnemerle.orgneo4j.comnestedtext.orgnetworkx.lanl.govnetworkx.orgnew-url.comnew.webhook.sitenewspeaklanguage.orgnextjs.orgnginx.netngw.devices.sberbank.runicolas.limare.netnim-lang.orgnitlanguage.orgnixos.orgnodejs.orgnothooks.slack.comnotmuchmail.orgnovita.ainsis.sourceforge.netnumba.readthedocs.ionumpy.orgnumpydoc.readthedocs.ionusmv.fbk.euoai.endpoints.kepler.ai.cloud.ovh.netocaml.orgoeis.orgofek.devonlinelibrary.wiley.comooc-lang.github.ioopalang.orgopen.manus.imopenai.comopenaipublic.blob.core.windows.netopencobol.add1tocobol.comopenmeter.cloudopenproceedings.orgopenrouter.aiopenscad.orgopensource.orgorgmode.orgother.comotlp.agentops.cloudotlp.arize.compackages.msys2.orgpackaging.python.orgpandas.pydata.orgpaste.lisp.orgpastie.caboo.sepds-rings.seti.orgpeople.eecs.berkeley.edupeps.python.orgperldoc.perl.orgpersonal.math.ubc.capetstore3.swagger.iopexpect.readthedocs.iophix.x10.mxpig.apache.orgpike.lysator.liu.sepint.readthedocs.ioplatform.claude.complatform.minimax.ioplatform.moonshot.aiplatform.openai.complatform.stability.aiportal.acm.orgposthog.comprojects.eclipse.orgprometheus.ioproxy.qualifire.aiprql-lang.orgpsysh.orgptls.devpub.ist.ac.atpubsub.googleapis.compugjs.orgpuppet.compydantic-docs.helpmanual.iopydub.compygments.orgpygraphviz.github.iopyinstaller.readthedocs.iopyos.github.iopyperclip.readthedocs.iopypi.orgpypi.python.orgpython-devtools.helpmanual.iopython-requests.orgpython-sounddevice.readthedocs.iopython-soundfile.readthedocs.iopython.livinglogic.depython.orgpytorch.orgpyyaml.orgqlik.comqueue.fal.runracket-lang.orgraw.githubusercontent.comreact.devreasonml.github.ioredis.ioreferencing.readthedocs.orgrefspecs.linuxfoundation.orgrelaxng.orgreplicate.comrequests.readthedocs.ioresend.comrich.readthedocs.ioriverbed.comroboconf.github.iorobotframework.orgrosettacode.orgrouter.huggingface.corpm-software-management.github.ioruntime.sagemakerrussellfunk.orgrzimmerman.github.ios3.amazonaws.coms3.us-west-2.amazonaws.comsanssecours.github.iosariyuce.comsass-lang.comscalate.fusesource.orgscalate.github.ioschemas.microsoft.comscikit-image.orgscipy-cookbook.readthedocs.ioscipy-lectures.orgscipy.orgsecretmanager.googleapis.comsel4.systemsserper.devserver.lasso.securityserverfault.comservice-name.domainservice.api.aisecurity.paloaltonetworks.comserving.app.predibase.comsethmlarson.devsetuptools.pypa.ioshenlanguage.orgshex.iosites.cs.ucsb.eduskarnet.orgslim-template.github.iosnowballstem.orgsoliditylang.orgsource.android.comsourceware.orgspdx.devspec.commonmark.orgspecifications.freedesktop.orgspecifications.openehr.orgspinroot.comssrg.nicta.com.austackoverflow.comstarlette.devstorage.azure.comstorage.googleapis.comstream-b.svc.rno2.c.replicate.netsupercollider.github.ioswagger.iotact-lang.orgtango.freedesktop.orgtest.comtestanything.orgtexfaq.orgtexttospeech.googleapis.comthrift.apache.orgtiddlywiki.comtikz.devtimeapi.iotldp.orgtodotxt.comtoml.ioton-blockchain.github.iotools.ietf.orgtqdm.github.iotrace.wandb.aitravis-ci.orgtreetop.rubyforge.orgtruststore.readthedocs.iottssh2.osdn.jptug.orgtwig.symfony.comtwistedmatrix.comtwitter.comtyper.tiangolo.comtyping.python.orgtypst.appunicode-org.github.iounicode.orgunpkg.comupload.wikimedia.orgurllib3.readthedocs.ious-central1-aiplatform.googleapis.comus-east-1.console.aws.amazon.comus-west-2.console.aws.amazon.comus.cloud.langfuse.comus.i.posthog.comus.posthog.comus3.php.netusers.cecs.anu.edu.auv0.devvala.devvelocity.apache.orgvercel.comverifpal.comvideolectures.netviews.scientific-python.orgvirustotal.github.iovlado.fmf.uni-lj.sivt100.netvuejs.orgvyper.readthedocs.iowatchfiles.helpmanual.ioweb.archive.orgweb.cs.wpi.eduweb.eecs.utk.eduweb.math.princeton.eduweb.mit.eduwebassembly.github.iowebassembly.orgwebhook-test.comwebhook.sitewebsockets.readthedocs.iowhiley.orgwiki.archlinux.orgwiki.debian.orgwiki.haskell.orgwiki.portal.chalmers.sewiki.python.orgwiki.secondlife.comwiki.xxiivv.comwixtoolset.orgwowpedia.fandom.comwrapdb.mesonbuild.comwren.iowuecampus2.uni-wuerzburg.dewww-cs-students.stanford.eduwww-personal.umich.eduwww.adaic.orgwww.adobe.comwww.algorithmic-solutions.infowww.ams.orgwww.analytictech.comwww.ansys.comwww.antlr.orgwww.apache.orgwww.apoioinformatica.inf.brwww.archlinux.orgwww.audacityteam.orgwww.autohotkey.comwww.autoitscript.comwww.aws-services.infowww.awsarchitectureblog.comwww.bbcbasic.co.ukwww.bbcode.orgwww.broadcom.comwww.cappuccino.devwww.cheetahtemplate.orgwww.cl.cam.ac.ukwww.colm.netwww.combinatorics.orgwww.comet.comwww.compuphase.comwww.coolmath.comwww.crummy.comwww.cryptol.netwww.cs.cornell.eduwww.cs.purdue.eduwww.cs.technion.ac.ilwww.cs.umd.eduwww.cs.uu.nlwww.cse.msu.eduwww.debian.orgwww.delorie.comwww.devicetree.orgwww.djangoproject.comwww.eclipse.orgwww.ecma-international.orgwww.egenix.comwww.eiffel.comwww.embarcadero.comwww.erlang.orgwww.example.珠宝www.exelisvis.comwww.fantom.orgwww.felix-lang.orgwww.fico.comwww.fim.uni-passau.dewww.forth.comwww.freebsd.orgwww.freedesktop.orgwww.fstar-lang.orgwww.gap-system.orgwww.gexf.netwww.github.comwww.gmarts.orgwww.gnu.orgwww.godotengine.orgwww.google.comwww.googleapis.comwww.grantjenks.comwww.graphdegeneracy.orgwww.graphviz.orgwww.haskell.orgwww.iana.orgwww.ibm.comwww.ics.uci.eduwww.idris-lang.orgwww.ietf.orgwww.indusoft.comwww.informatik.uni-augsburg.dewww.intel.comwww.itu.intwww.jmlr.orgwww.json.orgwww.jstor.orgwww.kernel.orgwww.khronos.orgwww.l3harrisgeospatial.comwww.lassosoft.comwww.libarchive.orgwww.litellm.aiwww.logilab.orgwww.lua.orgwww.makotemplates.orgwww.maplesoft.comwww.masonhq.comwww.math.hmc.eduwww.math.uchicago.eduwww.math.ucsd.eduwww.mathjax.orgwww.mathworks.comwww.mcbe-dev.netwww.mcternan.me.ukwww.mdpi.comwww.mediawiki.orgwww.microsoft.comwww.modelica.orgwww.modula2.orgwww.monokai.nlwww.moo.mud.orgwww.mql5.comwww.mrc-bsu.cam.ac.ukwww.mupad.comwww.muppetlabs.comwww.myghty.orgwww.mysql.comwww.ncl.ucar.eduwww.newlisp.orgwww.nordtheme.comwww.oasis-open.orgwww.okta.comwww.omg.orgwww.openblas.netwww.openbugs.infowww.opendylan.orgwww.openehr.orgwww.opengroup.orgwww.openldap.orgwww.openpgp.orgwww.openpolicyagent.orgwww.oracle.comwww.oreilly.comwww.parasail-lang.orgwww.perl.orgwww.php.netwww.pnas.orgwww.ponylang.iowww.portaudio.comwww.postgresql.orgwww.povray.orgwww.praat.orgwww.progress.comwww.pyopenssl.orgwww.python-httpx.orgwww.python.orgwww.r-project.orgwww.raku.orgwww.rebol.comwww.recraft.aiwww.red-bean.comwww.red-lang.orgwww.regressive.orgwww.researchgate.netwww.rexxinfo.orgwww.rfc-base.orgwww.rfc-editor.orgwww.ruby-lang.orgwww.rubydoc.infowww.rust-lang.orgwww.santafe.eduwww.santofortunato.netwww.sarl.iowww.scala-lang.orgwww.scheme-reports.orgwww.scielo.brwww.sciencedirect.comwww.scilab.orgwww.scipy.orgwww.scivision.devwww.searchapi.iowww.smalltalk.orgwww.smarty.netwww.spicelang.comwww.sqlite.orgwww.squid-cache.orgwww.starlette.devwww.stata.comwww.stats.ox.ac.ukwww.stixfonts.orgwww.swift.orgwww.swig.orgwww.sylabs.iowww.systutorials.comwww.tads.orgwww.tcl.tkwww.tcsh.orgwww.terraform.iowww.textualize.iowww.thermoscientific.comwww.thingsdb.netwww.tondering.dkwww.tsql.infowww.typescriptlang.orgwww.unicode.orgwww.unicon.orgwww.varnish-software.comwww.vim.orgwww.visual-prolog.comwww.vitanuova.comwww.volcengine.comwww.w3.orgwww.w3schools.comwww.wavemetrics.comwww.win.tue.nlwww.wolfram.comwww.workwithcolor.comwww.x.orgwww.xudongz.comwww.xyz.eduwww.youtube.comwww.yworks.comwww.zapier.comwww.zeek.orgwww.ziglang.orgwww.аррӏе.comwww2.asanet.orgwww2.cs.arizona.edux10-lang.orgxn--fiqs8s.icom.museumyahoo.comyaml.orgyour-api.comyour-guardrail-api.comyour-mcp-server.comyour-milvus-endpoint.comyour-proxy.comyour-resource.cognitiveservices.azure.comyour-resource.openai.azure.comyour-searxng-instance.comzephir-lang.comziglang.org中国.icom.museum

medium first-party (python) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/aider/models.py:959 repo/aider/models.py:966
hub Dependency data flows (12)
high litellm dependency A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:90 pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:109
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:178 pkgs/python/[email protected]/litellm/integrations/lago.py:198
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:178 pkgs/python/[email protected]/litellm/integrations/lago.py:201
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:895 pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:914
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:144 pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:160
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341 pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:394
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
medium litellm dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/main.py:2840 pkgs/python/[email protected]/litellm/main.py:2887
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:142 pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:193
medium litellm dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73 pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76

</> First-Party Code

first-party (python)

python first-party
medium telemetry production #eef97382ceda70f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/aider/analytics.py:8
from mixpanel import MixpanelException

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #30ab92460dd0f54e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/aider/analytics.py:9
from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed14693a8d6bff1c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/aider/analytics.py:235
                self.mp.track(self.user_id, event_name, dict(properties))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #a5e18907bee10e68 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/aider/models.py:966 · flow /tmp/closeopen-15sim72j/repo/aider/models.py:959 → /tmp/closeopen-15sim72j/repo/aider/models.py:966
            res = requests.get(url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 231 low-confidence finding(s)
low env_fs production #748953df82a627ae Filesystem access.
repo/aider/analytics.py:162
                data = json.loads(data_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0877c5bb421fc28 Filesystem access.
repo/aider/analytics.py:181
            data_file.write_text(json.dumps(data, indent=4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2da875a96c613486 Filesystem access.
repo/aider/analytics.py:250
                with open(self.logfile, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ff3f4f00b7e601 Environment-variable access.
repo/aider/args.py:873
    os.environ["COLUMNS"] = "70"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae0e7ece04ab6508 Environment-variable access.
repo/aider/args.py:886
    os.environ["COLUMNS"] = "100"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3c3bdc373d7c70e Environment-variable access.
repo/aider/args.py:899
    os.environ["COLUMNS"] = "120"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a862e08dd800745a Filesystem access.
repo/aider/coders/base_coder.py:520
            history_md = self.io.read_text(self.io.chat_history_file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b1a2829f8ba2212 Filesystem access.
repo/aider/coders/base_coder.py:600
            content = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e1876fbaef0a36e Filesystem access.
repo/aider/coders/base_coder.py:614
            content = self.io.read_text(_fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d2da16ce98f1ea Filesystem access.
repo/aider/coders/base_coder.py:662
            content = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7eca4f25e5231f8b Filesystem access.
repo/aider/coders/base_coder.py:838
            with open(fname, "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #863a9f1206e900f9 Environment-variable access.
repo/aider/coders/base_coder.py:1120
            lang = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699a93ea9624e0f3 Environment-variable access.
repo/aider/coders/base_coder.py:1136
        shell_val = os.getenv(shell_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f5d7ea00a3291d8 Environment-variable access.
repo/aider/coders/base_coder.py:1349
        delay = float(os.environ.get("AIDER_CACHE_KEEPALIVE_DELAY", delay))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4556971097c2a9df Filesystem access.
repo/aider/coders/base_coder.py:2259
            content = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e19585016638868 Filesystem access.
repo/aider/coders/editblock_coder.py:52
                content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fec6b38f0fa6bef2 Filesystem access.
repo/aider/coders/editblock_coder.py:61
                    content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52dba1968adac544 Filesystem access.
repo/aider/coders/editblock_coder.py:71
                    self.io.write_text(full_path, new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db7ba9f4495f27b9 Filesystem access.
repo/aider/coders/editblock_coder.py:89
            content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #900c294b679ba612 Filesystem access.
repo/aider/coders/editblock_coder.py:632
    history_md = Path(sys.argv[1]).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fa44f7ae17075b9 Filesystem access.
repo/aider/coders/editblock_func_coder.py:127
            content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7fef5d39e058df8 Filesystem access.
repo/aider/coders/editblock_func_coder.py:130
                self.io.write_text(full_path, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ca1442cbc7d8d07 Filesystem access.
repo/aider/coders/patch_coder.py:263
                file_content = self.io.read_text(abs_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16790008a7c99fd Filesystem access.
repo/aider/coders/patch_coder.py:580
                    self.io.write_text(full_path, content_to_write)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b80e7e1156bb0d8b Filesystem access.
repo/aider/coders/patch_coder.py:595
                    current_content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d8416a2d505dcd7 Filesystem access.
repo/aider/coders/patch_coder.py:623
                    self.io.write_text(target_full_path, new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36697b2d6cea3e2c Filesystem access.
repo/aider/coders/search_replace.py:207
        Path("tmp.html").write_text(html)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa1f81fb8272c6d6 Filesystem access.
repo/aider/coders/search_replace.py:289
        Path("tmp.search_replace_diff.html").write_text(html)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85612f865dff10ae Filesystem access.
repo/aider/coders/search_replace.py:383
        Path("tmp.search_replace_diff.html").write_text(html)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6e5197b0a1e3b51 Filesystem access.
repo/aider/coders/search_replace.py:457
        fname.write_text(original_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b46c7818e21af80 Filesystem access.
repo/aider/coders/search_replace.py:462
        fname.write_text(search_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3e7f2a11cf4483f Filesystem access.
repo/aider/coders/search_replace.py:466
        fname.write_text(replace_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b2d0ceb650a9499 Filesystem access.
repo/aider/coders/search_replace.py:481
        new_text = fname.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91ae51edf37d4faa Filesystem access.
repo/aider/coders/search_replace.py:493
        fname.write_text(search_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a0956cd6dfab256 Filesystem access.
repo/aider/coders/search_replace.py:499
        fname.write_text(replace_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57581c7a62c64315 Filesystem access.
repo/aider/coders/search_replace.py:508
        fname.write_text(original_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50fff5a38fe86213 Filesystem access.
repo/aider/coders/search_replace.py:519
        new_text = fname.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5935d5fbffa3842b Filesystem access.
repo/aider/coders/search_replace.py:618
    text = Path(fname).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb625d75df5baecb Filesystem access.
repo/aider/coders/search_replace.py:678
            out_fname.write_text(res)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0faebab8182df130 Filesystem access.
repo/aider/coders/search_replace.py:680
            correct = (dname / "correct").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba8faefbf9995a63 Filesystem access.
repo/aider/coders/single_wholefile_func_coder.py:72
        content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4e32f49c0e8bb0b Filesystem access.
repo/aider/coders/single_wholefile_func_coder.py:102
            self.io.write_text(full_path, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7281943bd2e6adb4 Filesystem access.
repo/aider/coders/udiff_coder.py:89
            content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3caacaf3c7a4112e Filesystem access.
repo/aider/coders/udiff_coder.py:112
            self.io.write_text(full_path, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6df851c0a920c783 Filesystem access.
repo/aider/coders/wholefile_coder.py:128
            self.io.write_text(full_path, new_lines)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bed5dc1180e18960 Filesystem access.
repo/aider/coders/wholefile_coder.py:132
            orig_lines = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55eb9ac810fa8201 Filesystem access.
repo/aider/coders/wholefile_func_coder.py:95
        content = self.io.read_text(full_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bfc5b60fd0f3d37 Filesystem access.
repo/aider/commands.py:486
            content = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #878b4c600115c0a6 Filesystem access.
repo/aider/commands.py:498
            content = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9333b6e42c553d24 Filesystem access.
repo/aider/commands.py:896
                content = self.io.read_text(abs_file_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2727c495dc0ab6ec Environment-variable access.
repo/aider/commands.py:1256
            if "OPENAI_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10e75aea06d57bb9 Filesystem access.
repo/aider/commands.py:1472
            with open(args.strip(), "r", encoding=self.io.encoding, errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44525eac075ee338 Filesystem access.
repo/aider/commands.py:1504
            with open(args.strip(), "w", encoding=self.io.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b549d4171e41f94 Filesystem access.
repo/aider/diffs.py:14
    with open(file_orig, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09d4e01a745412b4 Filesystem access.
repo/aider/diffs.py:17
    with open(file_updated, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acd620166ac911ac Environment-variable access.
repo/aider/editor.py:85
    editor = os.environ.get("VISUAL", os.environ.get("EDITOR", default))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8da62483748c34f5 Filesystem access.
repo/aider/editor.py:135
    with open(filepath, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4427a21ee6bc7c19 Filesystem access.
repo/aider/help.py:115
                text=importlib_resources.files("aider.website")
                .joinpath(fname)
                .read_text(encoding="utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99547d8e584f8849 Environment-variable access.
repo/aider/help.py:138
        os.environ["TOKENIZERS_PARALLELISM"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e8d5a9f39d1f9c Filesystem access.
repo/aider/history.py:135
    with open(args.filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50e833fa52001dbe Filesystem access.
repo/aider/io.py:134
                with open(fname, "r", encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d1496bb040442df Environment-variable access.
repo/aider/io.py:279
        no_color = os.environ.get("NO_COLOR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ea7722547b9708f Filesystem access.
repo/aider/io.py:437
            with open(str(filename), "rb") as image_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5acdaf7b55fb88e2 Filesystem access.
repo/aider/io.py:458
            with open(str(filename), "r", encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5099b2366fbf8b8 Filesystem access.
repo/aider/io.py:493
                with open(str(filename), "w", encoding=self.encoding, newline=self.newline) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bd61b1b95e33d32 Filesystem access.
repo/aider/io.py:760
            with open(self.llm_history_file, "a", encoding="utf-8") as log_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9985c76cf7e2d1b0 Filesystem access.
repo/aider/linter.py:85
            code = Path(fname).read_text(encoding=self.encoding, errors="replace")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #717d959329f69845 Environment-variable access.
repo/aider/llm.py:12
os.environ["OR_SITE_URL"] = AIDER_SITE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab550d679a348c81 Environment-variable access.
repo/aider/llm.py:13
os.environ["OR_APP_NAME"] = AIDER_APP_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2622d1ea20de81ab Environment-variable access.
repo/aider/llm.py:14
os.environ["LITELLM_MODE"] = "PRODUCTION"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b27ff84e461fda4 Filesystem access.
repo/aider/main.py:48
                with open(config_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #358d0cabe0da3c42 Filesystem access.
repo/aider/main.py:176
                content = io.read_text(gitignore_file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f1bf9545343a531 Filesystem access.
repo/aider/main.py:197
        io.write_text(gitignore_file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bef56437a86d211 Filesystem access.
repo/aider/main.py:227
        with open(credential_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e957114f3e6346e4 Environment-variable access.
repo/aider/main.py:522
        os.environ["SSL_VERIFY"] = ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5846765fce3d4f6a Environment-variable access.
repo/aider/main.py:594
                os.environ[name.strip()] = value.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc6e91ce252f704b Environment-variable access.
repo/aider/main.py:606
                os.environ[env_var] = key.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c95191098d36f918 Environment-variable access.
repo/aider/main.py:613
        os.environ["ANTHROPIC_API_KEY"] = args.anthropic_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #683741f5b072ec35 Environment-variable access.
repo/aider/main.py:616
        os.environ["OPENAI_API_KEY"] = args.openai_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76621d2b67c8961f Environment-variable access.
repo/aider/main.py:621
        os.environ["OPENAI_API_BASE"] = args.openai_api_base

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30444ca70834da0c Environment-variable access.
repo/aider/main.py:626
        os.environ["OPENAI_API_VERSION"] = args.openai_api_version

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f16f73a32e3361cb Environment-variable access.
repo/aider/main.py:629
        os.environ["OPENAI_API_TYPE"] = args.openai_api_type

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87c5d8661fd8859c Environment-variable access.
repo/aider/main.py:634
        os.environ["OPENAI_ORGANIZATION"] = args.openai_organization_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #591145925a7633d0 Environment-variable access.
repo/aider/main.py:786
    if args.model.startswith("openrouter/") and not os.environ.get("OPENROUTER_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f372c669d6310ee5 Environment-variable access.
repo/aider/main.py:795
            if os.environ.get("OPENROUTER_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d152ac50f8d6ff1 Filesystem access.
repo/aider/main.py:1083
        content = io.read_text(args.apply)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e953533a820a51f Filesystem access.
repo/aider/main.py:1138
            message_from_file = io.read_text(args.message_file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dabd088c8ca80c6 Filesystem access.
repo/aider/main.py:1200
            with open(installs_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a52db8ed1857112 Filesystem access.
repo/aider/main.py:1214
            with open(installs_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b76e265c434a85d9 Filesystem access.
repo/aider/mdstream.py:232
    with open("aider/io.py", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb632fa408fdbbdd Filesystem access.
repo/aider/models.py:194
                        self.content = json.loads(self.cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3ddcec432f8091c Filesystem access.
repo/aider/models.py:212
                    self.cache_file.write_text(json.dumps(self.content, indent=4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29dc327e9b28f245 Filesystem access.
repo/aider/models.py:219
                self.cache_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef7c5a1028aaaa5f Environment-variable access.
repo/aider/models.py:740
        if var and os.environ.get(var):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8ecba8a1b715409 Environment-variable access.
repo/aider/models.py:758
                if os.environ.get("AWS_PROFILE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99bfd9d71bbe359a Environment-variable access.
repo/aider/models.py:939
        if openai_api_key not in os.environ or (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c9ac67cc138e031 Environment-variable access.
repo/aider/models.py:940
            int(dict(x.split("=") for x in os.environ[openai_api_key].split(";"))["exp"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a38376dc60761a33 Environment-variable access.
repo/aider/models.py:951
            if "GITHUB_COPILOT_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b89e25fed4fd64a Environment-variable access.
repo/aider/models.py:954
            github_token = os.environ["GITHUB_COPILOT_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ec166afab42ac28 Environment-variable access.
repo/aider/models.py:959
                "Authorization": f"Bearer {os.environ['GITHUB_COPILOT_TOKEN']}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0a2ba13d232457af Hardcoded external endpoint. Review what data is sent to this destination.
repo/aider/models.py:966
            res = requests.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #883e506c5c18a5eb Environment-variable access.
repo/aider/models.py:983
            os.environ[openai_api_key] = token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f77b955e0fc26d96 Environment-variable access.
repo/aider/models.py:986
        if os.environ.get("AIDER_SANITY_CHECK_TURNS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #680a82bbeb9a289a Environment-variable access.
repo/aider/models.py:1027
        if "GITHUB_COPILOT_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89c170e560944514 Filesystem access.
repo/aider/models.py:1091
        if not Path(model_settings_fname).read_text().strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b3ef5925c7d4abe Filesystem access.
repo/aider/models.py:1095
            with open(model_settings_fname, "r") as model_settings_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4e18583ee674078 Filesystem access.
repo/aider/models.py:1119
            data = Path(model_fname).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b3e787018589359 Environment-variable access.
repo/aider/models.py:1139
        if var not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fe745b12a617e80 Environment-variable access.
repo/aider/models.py:1171
            value = os.environ.get(key, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f9afd70f263f82c0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/aider/onboarding.py:30
        response = requests.get(
            "https://openrouter.ai/api/v1/auth/key",
            headers={"Authorization": f"Bearer {api_key}"},
            timeout=5,  # Add a reasonable timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #03333fdf40656206 Environment-variable access.
repo/aider/onboarding.py:53
    openrouter_key = os.environ.get("OPENROUTER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62196b593e46ff09 Environment-variable access.
repo/aider/onboarding.py:72
        api_key_value = os.environ.get(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6746ab19020d34ae Environment-variable access.
repo/aider/onboarding.py:102
            os.environ["OPENROUTER_API_KEY"] = openrouter_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1660465523cb9cb3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/aider/onboarding.py:177
        response = requests.post(
            "https://openrouter.ai/api/v1/auth/keys",
            headers={"Content-Type": "application/json"},
            json={
                "code": code,
                "code_verifier": code_verifier,
                "code_challenge_method": "S256",
            },
            timeout=30,  # Add a timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #99ca3629eaf07b02 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/aider/onboarding.py:177
        response = requests.post(
            "https://openrouter.ai/api/v1/auth/keys",
            headers={"Content-Type": "application/json"},
            json={
                "code": code,
                "code_verifier": code_verifier,
                "code_challenge_method": "S256",
            },
            timeout=30,  # Add a timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #492d58edaea7f03b Environment-variable access.
repo/aider/onboarding.py:359
        os.environ["OPENROUTER_API_KEY"] = api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22051a04ac4486eb Filesystem access.
repo/aider/onboarding.py:366
            with open(key_file, "a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7532dc827e6081a Environment-variable access.
repo/aider/onboarding.py:411
    if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79e544684e751bcc Filesystem access.
repo/aider/openrouter.py:105
                        self.content = json.loads(self.cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92cc86dd35a577b3 Filesystem access.
repo/aider/openrouter.py:120
                    self.cache_file.write_text(json.dumps(self.content, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b2f605370a9fb60 Filesystem access.
repo/aider/openrouter.py:126
                self.cache_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d68f727d8384b8ef Environment-variable access.
repo/aider/repo.py:42
    os.environ[var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3501543dc59acca5 Environment-variable access.
repo/aider/repo.py:47
            os.environ[var_name] = original_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4381b63467ab35c Environment-variable access.
repo/aider/repo.py:48
        elif var_name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baefbf002a0812d1 Environment-variable access.
repo/aider/repo.py:49
            del os.environ[var_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ce6c4405c4a2b3e Environment-variable access.
repo/aider/repo.py:292
        original_committer_name_env = os.environ.get("GIT_COMMITTER_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93f7c595469f2ce Environment-variable access.
repo/aider/repo.py:293
        original_author_name_env = os.environ.get("GIT_AUTHOR_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcb165e80d8935c5 Filesystem access.
repo/aider/repo.py:517
            lines = self.aider_ignore_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d47999a76bb9351 Filesystem access.
repo/aider/repomap.py:294
        query_scm = query_scm.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00474233ef92a4e4 Filesystem access.
repo/aider/repomap.py:296
        code = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd901efee5a47928 Filesystem access.
repo/aider/repomap.py:721
            code = self.io.read_text(abs_fname) or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e16e8f7a13b4448 Environment-variable access.
repo/aider/run_cmd.py:47
        shell = os.environ.get("SHELL", "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #914024d8fda7b29e Environment-variable access.
repo/aider/run_cmd.py:108
        shell = os.environ.get("SHELL", "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa60392c2971c6df Environment-variable access.
repo/aider/versioncheck.py:39
    docker_image = os.environ.get("AIDER_DOCKER_IMAGE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7b77f21c00c4c87b Hardcoded external endpoint. Review what data is sent to this destination.
repo/aider/versioncheck.py:78
        response = requests.get("https://pypi.org/pypi/aider-chat/json")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #51bb2872041c1c67 Filesystem access.
repo/aider/voice.py:167
        with open(filename, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c937c1ada6173a40 Environment-variable access.
repo/aider/voice.py:184
    api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb0550f79f84c568 Filesystem access.
repo/aider/watch.py:59
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #044c4640752d5d06 Filesystem access.
repo/aider/watch.py:224
            code = self.io.read_text(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea0454aad5d42433 Filesystem access.
repo/aider/watch.py:262
        content = self.io.read_text(filepath, silent=True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #abffb0e3b8758604 Environment-variable access.
repo/benchmark/benchmark.py:33
BENCHMARK_DNAME = Path(os.environ.get("AIDER_BENCHMARK_DIR", "tmp.benchmarks"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb094ade4ea80317 Environment-variable access.
repo/benchmark/benchmark.py:252
    if "AIDER_DOCKER" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb5ae0f032d81fab Filesystem access.
repo/benchmark/benchmark.py:460
                results = json.loads(fname.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12c4302ac1efb410 Filesystem access.
repo/benchmark/benchmark.py:658
    res = replay_fname.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f9c70e326d4b92b Filesystem access.
repo/benchmark/benchmark.py:676
        results_fname.write_text(json.dumps(dict(exception=traceback.format_exc())))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0d3a4323406b9f3 Filesystem access.
repo/benchmark/benchmark.py:709
            res = json.loads(results_fname.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c40d5133ce9f9e5 Filesystem access.
repo/benchmark/benchmark.py:723
    with open(config_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fc8c03354ad4f39 Filesystem access.
repo/benchmark/benchmark.py:778
        instructions += introduction.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b2e21180cfe71d57 Filesystem access.
repo/benchmark/benchmark.py:779
    instructions += (testdir / ".docs/instructions.md").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4487d5943d6f247a Filesystem access.
repo/benchmark/benchmark.py:782
        instructions += instructions_append.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7559c03719fca5fb Filesystem access.
repo/benchmark/benchmark.py:976
    results_fname.write_text(json.dumps(results, indent=4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6649802ca8244020 Filesystem access.
repo/benchmark/benchmark.py:1021
                content = test_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f2b66fda4529228 Filesystem access.
repo/benchmark/benchmark.py:1023
                test_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36438063a74c60eb Filesystem access.
repo/benchmark/over_time.py:79
        with open(yaml_file, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34a90bcbc11dfe44 Filesystem access.
repo/benchmark/problem_stats.py:18
    with open("aider/website/_data/polyglot_leaderboard.yml") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fd5ebcb10afb247 Filesystem access.
repo/benchmark/problem_stats.py:40
            results = json.loads(fname.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d10bd27c7bf49517 Filesystem access.
repo/benchmark/problem_stats.py:95
                            open("aider/website/_data/polyglot_leaderboard.yml")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #827e80d8734a6eab Filesystem access.
repo/benchmark/refactor_tools.py:63
    with open(fname, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #666457ba36e660cf Filesystem access.
repo/benchmark/refactor_tools.py:132
        with open(filename, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21b4a7d795a83e97 Filesystem access.
repo/benchmark/refactor_tools.py:170
    ins_fname.write_text(f"""# Refactor {class_name}.{method_name}

Refactor the `{method_name}` method in the `{class_name}` class to be a stand alone, top level function.
Name the new function `{method_name}`, exactly the same name as the existing method.
Update any existing `self.{method_name}` calls to work with the new `{method_name}` function.
""")  # noqa: E501

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5b52273d6fb2923 Filesystem access.
repo/benchmark/refactor_tools.py:178
    test_fname.write_text(f"""
import unittest
from benchmark.refactor_tools import verify_refactor
from pathlib import Path

class TheTest(unittest.TestCase):
    def test_{method_name}(self):
        fname = Path(__file__).parent / "{fname.name}"
        method = "{method_name}"
        method_children = {method_children}

        class_name = "{class_name}"
        class_children = {class_children}

        verify_refactor(fname, method, method_children, class_name, class_children)

if __name__ == "__main__":
    unittest.main()
""")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5fa1cb4128e58a2f Filesystem access.
repo/benchmark/swe_bench.py:12
    with open(data_file, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8cd035b83a5fc1e1 Filesystem access.
repo/scripts/30k-image.py:39
    with open(font_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bfe83dc49d38959 Filesystem access.
repo/scripts/30k-image.py:200
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #808f4f80d0fa77b2 Filesystem access.
repo/scripts/blame.py:174
            with open(args.output, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da32149c31425e43 Filesystem access.
repo/scripts/blame.py:216
        with open(args.output, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a83299317340f9dc Filesystem access.
repo/scripts/clean_metadata.py:98
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf73a9c154929d22 Filesystem access.
repo/scripts/clean_metadata.py:116
        with open(file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7a24831f24ca5e4 Filesystem access.
repo/scripts/clean_metadata.py:140
        with open(litellm_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #082dc586f3dcf2aa Filesystem access.
repo/scripts/clean_metadata.py:151
        with open(aider_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #04a631cd462e842f Filesystem access.
repo/scripts/dl_icons.py:40
    with open(output_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5b607b253662f98 Filesystem access.
repo/scripts/homepage.py:51
        with open(cache_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9560c9adb61b46d9 Filesystem access.
repo/scripts/homepage.py:79
        with open(cache_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30dc449462ae8993 Filesystem access.
repo/scripts/homepage.py:222
        with open(blame_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #519c6e3ec817aae5 Environment-variable access.
repo/scripts/homepage.py:307
    bigquery_env = os.environ.get("USE_BIGQUERY", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59701fabd8acfb71 Environment-variable access.
repo/scripts/homepage.py:314
        api_key = os.environ.get("PEPY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e35fce6b619971e4 Environment-variable access.
repo/scripts/homepage.py:346
    bigquery_env = os.environ.get("USE_BIGQUERY", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a40124b122314e93 Environment-variable access.
repo/scripts/homepage.py:353
        api_key = os.environ.get("PEPY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #898451e18a2b9c4e Filesystem access.
repo/scripts/homepage.py:422
        with open(readme_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a3517cffd5f3a5b Environment-variable access.
repo/scripts/homepage.py:561
    bigquery_env = os.environ.get("USE_BIGQUERY", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24ffae605df9a047 Environment-variable access.
repo/scripts/homepage.py:575
        api_key = args.api_key or os.environ.get("PEPY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #6abad4dd7736ef99 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/homepage.py:597 · flow /tmp/closeopen-15sim72j/repo/scripts/homepage.py:575 → /tmp/closeopen-15sim72j/repo/scripts/homepage.py:597
    print(f"Total downloads for {args.package}: {total_downloads:,}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only #472f8c2c1034930e Environment-variable access.
repo/scripts/issues.py:67
TOKEN = os.getenv("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #6c84273be295c13d Hardcoded external endpoint. Review what data is sent to this destination.
repo/scripts/issues.py:78
    response = requests.get(
        f"{GITHUB_API_URL}/repos/{REPO_OWNER}/{REPO_NAME}/issues",
        headers=headers,
        params={"state": state, "per_page": 1},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #7d89dd5ad82e0fb9 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:78 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:78
    response = requests.get(
        f"{GITHUB_API_URL}/repos/{REPO_OWNER}/{REPO_NAME}/issues",
        headers=headers,
        params={"state": state, "per_page": 1},
    )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low egress test-only #8f7b09bf2ed01725 Hardcoded external endpoint. Review what data is sent to this destination.
repo/scripts/issues.py:89
            response = requests.get(
                f"{GITHUB_API_URL}/repos/{REPO_OWNER}/{REPO_NAME}/issues",
                headers=headers,
                params={"state": state, "page": page, "per_page": per_page},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #7793c4226995ca4b A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:89 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:89
            response = requests.get(
                f"{GITHUB_API_URL}/repos/{REPO_OWNER}/{REPO_NAME}/issues",
                headers=headers,
                params={"state": state, "page": page, "per_page": per_page},
            )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low egress test-only #a903acc12030fe45 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/issues.py:142
    response = requests.post(comment_url, headers=headers, json={"body": comment_body})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #8e97dab6eed7c829 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:142 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:142
    response = requests.post(comment_url, headers=headers, json={"body": comment_body})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #846e3f853826f547 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:146 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:146
    response = requests.patch(close_url, headers=headers, json={"state": "closed"})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #d57959c3dc16f765 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:164 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:164
            response = requests.get(comments_url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #1b257f52ea602bf5 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:199 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:199
        response = requests.patch(url, headers=headers, json={"labels": ["question"]})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low egress test-only #2048306ae5e06c5d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/issues.py:238
            response = requests.post(comment_url, headers=headers, json={"body": STALE_COMMENT})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #46e0ec70a1214e96 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:238 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:238
            response = requests.post(comment_url, headers=headers, json={"body": STALE_COMMENT})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #54e2d2a775449fb0 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:243 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:243
            response = requests.patch(url, headers=headers, json={"labels": ["question", "stale"]})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #3f10380e168a3091 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:262 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:262
        response = requests.get(timeline_url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #bb18db5d339b5ee1 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:282 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:282
        response = requests.get(comments_url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #d4d1743d356ba2bb PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/issues.py:295 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:295
            print(f"  {len(new_comments)} new comments since stale label")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #b3f597515a6cdd8d A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:305 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:305
            response = requests.patch(url, headers=headers, json={"labels": ["question"]})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #50eb1256b181fc5b PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/issues.py:313 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:313
                print(f"  No activity for {days_stale} days since stale label")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only #cd7449ab2ac799f0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/issues.py:323
                response = requests.post(
                    comment_url, headers=headers, json={"body": CLOSE_STALE_COMMENT}
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #3954489849ebedf8 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:323 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:323
                response = requests.post(
                    comment_url, headers=headers, json={"body": CLOSE_STALE_COMMENT}
                )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #92af22f669350d88 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:330 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:330
                response = requests.patch(url, headers=headers, json={"state": "closed"})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #0cf2bcb097dd1286 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:354 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:354
        response = requests.get(timeline_url, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #7eca795f1a181564 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/issues.py:374 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:374
            print(f"  Has been marked fixed for {days_fixed} days")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only #1306919654771fac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/issues.py:387
            response = requests.post(comment_url, headers=headers, json={"body": comment})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #da7fdb6a4b08f062 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:387 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:387
            response = requests.post(comment_url, headers=headers, json={"body": comment})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #0ae126483e82fdbb A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/issues.py:392 · flow /tmp/closeopen-15sim72j/repo/scripts/issues.py:67 → /tmp/closeopen-15sim72j/repo/scripts/issues.py:392
            response = requests.patch(url, headers=headers, json={"state": "closed"})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only #36bb6582056ccb58 Filesystem access.
repo/scripts/logo_svg.py:48
    with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #466810017f8c5e77 Filesystem access.
repo/scripts/logo_svg.py:115
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #780deda6ec74d577 Filesystem access.
repo/scripts/my_models.py:13
    with open(analytics_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #930935521c2d4ce4 Environment-variable access.
repo/scripts/recording_audio.py:22
OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a08b4d2fa49076ae Filesystem access.
repo/scripts/recording_audio.py:35
    with open(markdown_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #b1562f0f7945e5a7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/scripts/recording_audio.py:109
        response = requests.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #ed103653fde8176b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/recording_audio.py:109
        response = requests.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #c9beba0c4ae098fb A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/recording_audio.py:109 · flow /tmp/closeopen-15sim72j/repo/scripts/recording_audio.py:22 → /tmp/closeopen-15sim72j/repo/scripts/recording_audio.py:109
        response = requests.post(url, headers=headers, json=data)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only #253148382e62bb6b Filesystem access.
repo/scripts/recording_audio.py:125
                with open(output_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #77e44331cc21c7b4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/recording_audio.py:144 · flow /tmp/closeopen-15sim72j/repo/scripts/recording_audio.py:22 → /tmp/closeopen-15sim72j/repo/scripts/recording_audio.py:144
            print(f"Error: {response.status_code}, {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only #c2c99563bc3dc96a Filesystem access.
repo/scripts/recording_audio.py:157
            with open(metadata_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0d83a853d771f71 Filesystem access.
repo/scripts/recording_audio.py:169
    with open(metadata_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dee85ea542a26de7 Filesystem access.
repo/scripts/redact-cast.py:20
    total_lines = sum(1 for _ in open(input_file, "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #530ae839c7a799da Filesystem access.
repo/scripts/redact-cast.py:22
    with open(input_file, "r") as fin, open(output_file, "w") as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30e8de914dd82000 Filesystem access.
repo/scripts/tsl_pack_langs.py:35
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d31b362fb40bae4 Filesystem access.
repo/scripts/tsl_pack_langs.py:57
        with open(lang_def_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1034b494e16919f9 Filesystem access.
repo/scripts/update-history.py:13
    with open("HISTORY.md", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b187595c7b3897f Filesystem access.
repo/scripts/update-history.py:65
    with open("HISTORY.md", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83b2cb7491a49daf Filesystem access.
repo/scripts/update-history.py:130
    with open(hist_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f84f189c7dc5a024 Filesystem access.
repo/scripts/update-history.py:146
    with open("HISTORY.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1b3b6bd51694082 Filesystem access.
repo/scripts/versionbump.py:115
    with open("aider/__init__.py", "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed122ef411600776 Filesystem access.
repo/scripts/versionbump.py:122
        with open("aider/__init__.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d4ca8c6ad348f45 Filesystem access.
repo/scripts/versionbump.py:150
        with open("aider/__init__.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

litellm

python dependency
high pii_flow dependency Excluded from app score #d5a44d230906e65d A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:162 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry dependency Excluded from app score #d8784ecd6468a76d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/hooks/managed_files.py:54
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1d4401514cc5fc2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/hooks/managed_vector_stores.py:25
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #42bd0f9cf66e938d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/_service_logger.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #176560c90c84082e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/base_cache.py:15
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd84c72b6726e469 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/disk_cache.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5707faffba41761 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/dual_cache.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #64fd78817809ca02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cache.py:35
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1c5bf5cba3a4d2e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/caching/redis_cluster_cache.py:13
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8638d167004a6134 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/_utils.py:15
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #666c6739f68e2c66 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f4b7647cfe2bf3bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:45
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #625126f8cfa5095a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:46
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9119c4030cc25d86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:10
    from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f593878666b4e2df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:11
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47e73a0fb4c75ac7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:12
    from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb3739771e2393e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:61
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a0726e1c3d831010 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:62
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fb4a22e3797a83f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:160
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #737ef76b657f56cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:202
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4135d7078c5c101 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:247
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6dad9c6ce49ce464 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/custom_logger.py:36
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #f9127e0bda70d0a1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:109 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:90 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:109
        verbose_logger.debug("constructed auth_header %s", auth_header)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #49d4e2ff3599ea20 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:198 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/integrations/lago.py:178 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/integrations/lago.py:198
            verbose_logger.debug(f"Logged Lago Object: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #4082406a4e3950e8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/integrations/lago.py:201 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/integrations/lago.py:178 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/integrations/lago.py:201
                verbose_logger.debug(f"\nError Message: {response.text}")

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #f0b9653604e7b843 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:19
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d8bda27eb38d8067 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel_attributes.py:28
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #385ad85f0ec1d1aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/langtrace.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a062406757682528 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:7
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b99ef1b4e0dfe5f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:28
    from opentelemetry.sdk.trace.export import SpanExporter as _SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cfe6ae9a30e60b4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:29
    from opentelemetry.trace import Context as _Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #087cecb213d8c271 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:30
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f5b3e6bf5745352 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:31
    from opentelemetry.trace import Tracer as _Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df711984fa96cf81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:102
        from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
            InMemorySpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba859097367d4122 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:183
        from opentelemetry.sdk.resources import OTELResourceDetector, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8dbc94a4bb687619 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:292
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a310649a57326f18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:293
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #710eb7b37ff36caa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:294
        from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3ecd0bb7e6275c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:331
        from opentelemetry import metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7209602a4176966e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:332
        from opentelemetry.sdk.metrics import MeterProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #351cf9a73e5d8191 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:388
        from opentelemetry._logs import get_logger_provider, set_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #107ebd23bde61555 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:389
        from opentelemetry.sdk._logs import LoggerProvider as OTLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea3240eebf684305 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:390
        from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7721944ec72dd5e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:431
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1dfced645f8fe37a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:432
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be955d66c9cc00a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:491
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c2b8572868b0c975 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:492
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ccb42dbc63b78124 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:553
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ec4c8f5b2ac3da6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:554
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d852dcfba892e188 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:668
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7ac163c9aa233afb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:744
            from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f0c3a34aff1abfd2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:791
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #78a6651299cc87fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:811
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e43b1510ca76d0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:812
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d2c3cfee47bc8fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1076
        from opentelemetry._logs import SeverityNumber, get_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aec56c197a92ba24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1079
            from opentelemetry.sdk._logs import (  # type: ignore[attr-defined]  # OTEL < 1.39.0
                LogRecord as SdkLogRecord,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b9d6da809b9bf0b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1083
            from opentelemetry.sdk._logs._internal import (
                LogRecord as SdkLogRecord,  # type: ignore[attr-defined]  # OTEL >= 1.39.0

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00de331714035ea9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1162
        from opentelemetry import trace as _trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd86e61f2680992e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1250
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f3ffd4763575e30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1920
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df2ae0f83e287441 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1931
        from opentelemetry import context, trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f06db7b78e63dd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1932
        from opentelemetry.trace.propagation.tracecontext import (
            TraceContextTextMapPropagator,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7e1eedf493a12a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:1987
        from opentelemetry.sdk.trace.export import (
            BatchSpanProcessor,
            ConsoleSpanExporter,
            SimpleSpanProcessor,
            SpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74b60c3be55b44d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2038
                from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterHTTP,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #44846793f79c69bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2061
                from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
                    OTLPSpanExporter as OTLPSpanExporterGRPC,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36a18b71df55b0ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2121
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7826cdda946d33ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2133
            from opentelemetry.exporter.otlp.proto.http._log_exporter import (
                OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #da167c19a99bfe25 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2147
                from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
                    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e13e84c649ebf70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2169
            from opentelemetry.sdk._logs.export import ConsoleLogExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ee877575823b7ee9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2177
        from opentelemetry.sdk.metrics import Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a558e87221a092ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2178
        from opentelemetry.sdk.metrics.export import (
            AggregationTemporality,
            ConsoleMetricExporter,
            PeriodicExportingMetricReader,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d402ab1bc6d67cdb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2205
            from opentelemetry.exporter.otlp.proto.http.metric_exporter import (
                OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f129eba80255604c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2218
                from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import (
                    OTLPMetricExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74facffc698dc90d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2335
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5ba0b65ea19e2b18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2336
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a12b71def839fc9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2388
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8932c3296a3e621 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2389
        from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c7c27ce44b10b86 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/opentelemetry_utils/base_otel_llm_obs_attributes.py:5
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ae013f0ed755b02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:39
        from opentelemetry.semconv.ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1c153a316eeae978 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/traceloop.py:40
        from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbeb739a36b190fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:8
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00abe25077ffb717 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:26
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a6b601485920778 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/core_helpers.py:11
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #477d86dd0b9b27b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3501
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4fd56ffa12dc8a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3507
                    import sentry_sdk

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f99710f3915e7c56 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3508
                from sentry_sdk.scrubber import EventScrubber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3cbdbd6b4437fbd1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/litellm_core_utils/logging_utils.py:18
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #312f7fa95d6ea0eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/llms/base_llm/managed_resources/base_managed_resource.py:25
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #7b8cff0080e388c8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:914 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:895 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:914
            verbose_logger.debug(
                f"IRSA detected: using web identity token from {web_identity_token_file}"
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0d2ff1bf2e924d51 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:160 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:144 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/bedrock/files/handler.py:160
        mock_response = httpx.Response(
            status_code=200,
            content=file_content,
            headers={"content-type": "application/octet-stream"},
            request=httpx.Request(method="GET", url=s3_uri),
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #0909e42a82cb3b24 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:394 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:394
        verbose_logger.debug(
            f"Databricks request headers: {self.redact_headers_for_logging(headers)}"
        )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #33f6eb41f6112a8e A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:83
        response = httpx.get(path, headers=headers, params=params)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #3a53906e2b4bace5 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:592 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:665
        mock_response = HttpxResponse(
            status_code=200,
            content=json.dumps(response).encode("utf-8"),
            headers={"content-type": "application/json"},
        )

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #62678bf5724a53d5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/main.py:2887 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/main.py:2840 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/main.py:2887
                logging.post_call(
                    input=messages,
                    api_key=api_key,
                    original_response=response,
                )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #e5dd479015caf71b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/_types.py:59
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b277d4a24fd5d84a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_checks.py:74
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #394addf4ac2874f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/auth/auth_exception_handler.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #5fec03c4c3f5b5bf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:193 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:142 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:193
            verbose_proxy_logger.debug(
                "Oauth2 token validation for token=%s, response from endpoint=%s",
                token,
                data,
            )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #4c1a52c5b16d6ad7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/batch_rate_limiter.py:35
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #61d15986ab048d94 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter.py:22
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14a689c1bdd2267e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:35
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ab26a47b67fc7e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:113
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07b0677939f278eb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/proxy/utils.py:132
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d907390755aacf6d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router.py:189
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #578fc2043151ccf2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_latency.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e45ec4e091de1c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_strategy/lowest_tpm_rpm_v2.py:21
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a76c8eaed10e372 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_cache.py:17
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3620259400804fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/cooldown_handlers.py:29
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d7ee1ff0fbd06c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/handle_error.py:12
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #96d01159322595b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/pre_call_checks/model_rate_limit_check.py:24
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cefa7d0e999b5be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/litellm/router_utils/prompt_caching_cache.py:16
    from opentelemetry.trace import Span as _Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #b019e03addfef31a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76 · flow /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73 → /tmp/closeopen-15sim72j/pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:76
    verbose_logger.info(
        f"For Azure AD Token Provider, choosing credential type: {cred}"
    )

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 1423 low-confidence finding(s)
low env_fs dependency Excluded from app score #6b659b411a2e2798 Environment-variable access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/aporia_ai.py:46
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8fe0ccc06914247 Environment-variable access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/aporia_ai.py:47
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8487e977b8495db9 Filesystem access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/banned_keywords.py:34
                with open(banned_keywords_list, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3413577bb98c719 Filesystem access.
pkgs/python/[email protected]/enterprise/enterprise_hooks/blocked_user_list.py:35
                with open(blocked_user_list, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d27ab53546d5f5cf Filesystem access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/llama_guard.py:41
                with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #854935fd7aa4c432 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/llm_guard.py:63
                    async with session.post(
                        analyze_url, json=analyze_payload
                    ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a4f0630e3117bb00 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/pagerduty/pagerduty.py:55
        _api_key = os.getenv("PAGERDUTY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7fe529a5b1c3d2f Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:550
        custom_logo = os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e44a9b4db46da898 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:551
        custom_support = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3658ee3e52d64bd6 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:552
        custom_signature = os.getenv("EMAIL_SIGNATURE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06ed9cdfb6e8ef6d Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:553
        custom_subject_invitation = os.getenv("EMAIL_SUBJECT_INVITATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d19a2785d8094073 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:554
        custom_subject_key_created = os.getenv("EMAIL_SUBJECT_KEY_CREATED", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0675e0d70777158 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:579
        base_url = os.getenv(
            "PROXY_BASE_URL", "http://0.0.0.0:4000"
        )  # Not a premium feature

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95842f4e0e9886d3 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/base_email.py:600
            custom_subject_key_rotated = os.getenv("EMAIL_SUBJECT_KEY_ROTATED", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c06f21600fd5922 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/resend_email.py:27
        self.resend_api_key = os.getenv("RESEND_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e32eb21747f4778 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/sendgrid_email.py:35
        self.sendgrid_api_key = os.getenv("SENDGRID_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b64ca271b4830203 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/enterprise_callbacks/send_emails/sendgrid_email.py:36
        self.sendgrid_sender_email = os.getenv("SENDGRID_SENDER_EMAIL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed5a0a7c5c6824e Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/auth/route_checks.py:17
        if "DISABLE_LLM_API_ENDPOINTS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #665776dbd32f49df Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/auth/route_checks.py:35
        if "DISABLE_ADMIN_ENDPOINTS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3830ee0d456264b2 Environment-variable access.
pkgs/python/[email protected]/enterprise/litellm_enterprise/proxy/proxy_server.py:32
            docs_description = os.getenv("DOCS_DESCRIPTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db8907b677fbd2e5 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:19
if os.getenv("LITELLM_MODE", "DEV") == "DEV":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f70dfad3cc1ce97 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:87
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0beaa8a1d136ca38 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:215
drop_params = bool(os.getenv("LITELLM_DROP_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae437dc0e057beba Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:216
modify_params = bool(os.getenv("LITELLM_MODIFY_PARAMS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9914ca35790bd1c Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:218
    os.getenv("LITELLM_USE_CHAT_COMPLETIONS_URL_FOR_ANTHROPIC_MESSAGES", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55e991e0f19fcb19 Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:355
model_cost_map_url: str = os.getenv(
    "LITELLM_MODEL_COST_MAP_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf04c89917c8a47b Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:359
blog_posts_url: str = os.getenv(
    "LITELLM_BLOG_POSTS_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/litellm/blog_posts.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5ed2c027a72eed Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:363
anthropic_beta_headers_url: str = os.getenv(
    "LITELLM_ANTHROPIC_BETA_HEADERS_URL",
    "https://raw.githubusercontent.com/BerriAI/litellm/main/litellm/anthropic_beta_headers_config.json",
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36a97dd8f27d5ced Environment-variable access.
pkgs/python/[email protected]/litellm/__init__.py:1964
if os.getenv("LITELLM_DISABLE_LAZY_LOADING", "").lower() in ("1", "true", "yes", "on"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3492c401b5efe0b Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:20
_ENABLE_SECRET_REDACTION = os.getenv("LITELLM_DISABLE_REDACT_SECRETS", "").lower() != "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d529dc33fa13552 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:100
json_logs = bool(os.getenv("JSON_LOGS", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3da5c0b871017a55 Environment-variable access.
pkgs/python/[email protected]/litellm/_logging.py:102
log_level = os.getenv("LITELLM_LOG", "DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6575a8ed41207a77 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:182
    if "REDIS_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eae1813ed335389a Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:183
        return os.environ["REDIS_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #274ad1eb931dbb07 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:185
    if "REDIS_HOST" not in os.environ or "REDIS_PORT" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35f064b23c87b298 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:190
    if "REDIS_SSL" in os.environ and os.environ["REDIS_SSL"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #666ee8697602727d Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:197
    if "REDIS_USERNAME" in os.environ and "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b93b6453be4ba80 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:198
        auth_part = f"{os.environ['REDIS_USERNAME']}:{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #144b955f1b4e8e47 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:199
    elif "REDIS_PASSWORD" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29bb2bf1375357e6 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:200
        auth_part = f"{os.environ['REDIS_PASSWORD']}@"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #713400494ee08630 Environment-variable access.
pkgs/python/[email protected]/litellm/_redis.py:202
    return f"{redis_protocol}://{auth_part}{os.environ['REDIS_HOST']}:{os.environ['REDIS_PORT']}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8e74e3cde6557041 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/a2a_protocol/providers/pydantic_ai_agents/transformation.py:112
            response = await client.post(
                endpoint,
                json=poll_request,
                headers={"Content-Type": "application/json"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2546b8ac0af40913 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/a2a_protocol/providers/pydantic_ai_agents/transformation.py:189
        response = await client.post(
            endpoint,
            json=a2a_request,
            headers={"Content-Type": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #77ea04637cee32a9 Filesystem access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:51
                files("litellm")
                .joinpath("anthropic_beta_headers_config.json")
                .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96bb782e9ffc34dc Environment-variable access.
pkgs/python/[email protected]/litellm/anthropic_beta_headers_manager.py:142
    if os.getenv("LITELLM_LOCAL_ANTHROPIC_BETA_HEADERS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8342d4226bd39f29 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:113
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20c80cd30a617aee Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:114
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f25701492bd5ec5a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:120
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59bda93225d051a6 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:128
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c403a4c94df2f54 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:318
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83735e07ef0030e2 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:319
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8666b39f1dbfa66 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:325
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d94f9de4330f7b7 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:333
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b4e3e0ccd3fd82d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:495
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f43fb52803c6c1c8 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:496
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85eaf7c7489c1d0a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:502
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #855add1c9de47de5 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:510
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40ae4022708fbaf3 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:684
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2fb49d35c3884d3 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:685
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34481df0b2716c0 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:691
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d88c5cf357f1125a Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:699
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34551622dc3152a7 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:840
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84a3042210fbef0e Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:841
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5b554198b310a6f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:847
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c1437d973851a30 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:855
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649cbaa044343e55 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1029
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51896facd3f7421f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1030
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4970776de73588d Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1036
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8591ecc7f574a194 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1044
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f63aee4c5c07692 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1191
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f40ffc7060e13f7 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1192
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be2e599cab93533c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1198
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb6a494380e7db89 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1206
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e524479b6b061f7c Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1390
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9a6c303efb0a4f Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1391
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cac0c299a4cf503 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1397
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0285dd4e29766431 Environment-variable access.
pkgs/python/[email protected]/litellm/assistants/main.py:1405
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb73670bf61b497 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:263
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47602b1328817351 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:264
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25ac3a81c31282cd Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:270
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6d2dfa7bd221ea9 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:278
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a7b4073f9e3c944 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:432
            or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #289191a706ca608d Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:433
            or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46fb21271e309902 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:439
            or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05d5dd0ec82be31d Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:447
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8af545837de6f9 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:762
            or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #223f046bcc5780ff Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:786
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc78d1efb31e1768 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:787
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ebc9cb71c6b46ac Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:793
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #070cd795baf21b6c Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:988
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4571d1edc057ab6b Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:989
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a99cbce13caba651 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:995
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7daf923040b144c2 Environment-variable access.
pkgs/python/[email protected]/litellm/batches/main.py:1002
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60d643120af709c0 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:55
                with open("user_cost.json", "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #cd779c52549ce602 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/budget_manager.py:65
            response = litellm.module_level_client.post(
                url, headers=self.headers, json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #513120a267e95e69 Filesystem access.
pkgs/python/[email protected]/litellm/budget_manager.py:218
            with open("user_cost.json", "w") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2f5b01be01b5df6d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/budget_manager.py:226
            response = litellm.module_level_client.post(
                url, headers=self.headers, json=data
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7767b8286df6ebd3 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:75
            qdrant_api_base or os.getenv("QDRANT_URL") or os.getenv("QDRANT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa36b44485649725 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/qdrant_semantic_cache.py:77
        qdrant_api_key = qdrant_api_key or os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23c583133f828591 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:94
                host = host or os.environ["REDIS_HOST"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c67ed7b688bdce2 Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:95
                port = port or os.environ["REDIS_PORT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e11e4a74abb316e Environment-variable access.
pkgs/python/[email protected]/litellm/caching/redis_semantic_cache.py:96
                password = password or os.environ["REDIS_PASSWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a5c5b58448c29ac Environment-variable access.
pkgs/python/[email protected]/litellm/completion_extras/litellm_responses_transformation/transformation.py:796
            or os.getenv("LITELLM_REASONING_AUTO_SUMMARY", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1897123225f6670d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:8
    os.getenv("DEFAULT_HEALTH_CHECK_PROMPT", "test from litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb435b21ff0d5787 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:11
    os.getenv("AZURE_DEFAULT_RESPONSES_API_VERSION", "preview")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57c54a7a4a8a8a55 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:13
ROUTER_MAX_FALLBACKS = int(os.getenv("ROUTER_MAX_FALLBACKS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e25c43b3ab7475b8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:14
DEFAULT_BATCH_SIZE = int(os.getenv("DEFAULT_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497699ba280bc2b2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:15
DEFAULT_FLUSH_INTERVAL_SECONDS = int(os.getenv("DEFAULT_FLUSH_INTERVAL_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a3aa062ff816a7a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:17
    os.getenv("DEFAULT_S3_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3069e41b5bf57a19 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:19
DEFAULT_S3_BATCH_SIZE = int(os.getenv("DEFAULT_S3_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #660535c010339a60 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:21
    os.getenv("DEFAULT_SQS_FLUSH_INTERVAL_SECONDS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0819be496650e4ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:24
    os.getenv("DEFAULT_NUM_WORKERS_LITELLM_PROXY", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58457635d2e26803 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:27
    os.getenv("DYNAMIC_RATE_LIMIT_ERROR_THRESHOLD_PER_MINUTE", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #668766c5dda43b35 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:29
DEFAULT_SQS_BATCH_SIZE = int(os.getenv("DEFAULT_SQS_BATCH_SIZE", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e2ff2505b5745bf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:32
DEFAULT_MAX_RETRIES = int(os.getenv("DEFAULT_MAX_RETRIES", 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d03d7c03a1f97a0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:33
DEFAULT_MAX_RECURSE_DEPTH = int(os.getenv("DEFAULT_MAX_RECURSE_DEPTH", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b04c1d01add0d14 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:35
    os.getenv("DEFAULT_MAX_RECURSE_DEPTH_SENSITIVE_DATA_MASKER", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e4522da93cd330f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:38
    os.getenv("DEFAULT_FAILURE_THRESHOLD_PERCENT", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b71039f27a8ea9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:40
DEFAULT_MAX_TOKENS = int(os.getenv("DEFAULT_MAX_TOKENS", 4096))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f8a33a0b0823f44 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:41
DEFAULT_ALLOWED_FAILS = int(os.getenv("DEFAULT_ALLOWED_FAILS", 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130a3d62e912253e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:42
DEFAULT_REDIS_SYNC_INTERVAL = int(os.getenv("DEFAULT_REDIS_SYNC_INTERVAL", 1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d44dbeb45e88eb7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:43
DEFAULT_COOLDOWN_TIME_SECONDS = int(os.getenv("DEFAULT_COOLDOWN_TIME_SECONDS", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdba4faf37d0588b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:45
    os.getenv("DEFAULT_REPLICATE_POLLING_RETRIES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd5d7c63ed09e2bb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:48
    os.getenv("DEFAULT_REPLICATE_POLLING_DELAY_SECONDS", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52ace81dcbc100ed Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:50
DEFAULT_IMAGE_TOKEN_COUNT = int(os.getenv("DEFAULT_IMAGE_TOKEN_COUNT", 250))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf254229a8c01d4d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:55
_max_stream_duration_env = os.getenv("LITELLM_MAX_STREAMING_DURATION_SECONDS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a913fb38cb54de28 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:63
MAX_BASE64_LENGTH_FOR_LOGGING = int(os.getenv("MAX_BASE64_LENGTH_FOR_LOGGING", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa2dbf37098d7659 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:68
    os.getenv("LITELLM_DETAILED_TIMING", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c087d6345c53ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:73
    os.getenv("MODEL_COST_MAP_MIN_MODEL_COUNT", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91630d74d94fcffe Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:76
    os.getenv("MODEL_COST_MAP_MAX_SHRINK_RATIO", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #895eb914296d640a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:78
DEFAULT_IMAGE_WIDTH = int(os.getenv("DEFAULT_IMAGE_WIDTH", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87cab2ef5f4b346c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:79
DEFAULT_IMAGE_HEIGHT = int(os.getenv("DEFAULT_IMAGE_HEIGHT", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0df7b7c30cbf26d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:84
MAX_IMAGE_URL_DOWNLOAD_SIZE_MB = float(os.getenv("MAX_IMAGE_URL_DOWNLOAD_SIZE_MB", 50))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31897ad0cc87b8e5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:86
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1943e30df2cfeef Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:89
    os.getenv("SINGLE_DEPLOYMENT_TRAFFIC_FAILURE_THRESHOLD", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7904fdecb26d592 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:92
    os.getenv("DEFAULT_FAILURE_THRESHOLD_MINIMUM_REQUESTS", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40242d90e02771dc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:96
    os.getenv("DEFAULT_REASONING_EFFORT_DISABLE_THINKING_BUDGET", 0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05ba25fc22c793e4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:101
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed08baf411d92eca Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:104
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_TOP_K", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b6b7ce10742f9f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:107
    os.getenv("DEFAULT_MCP_SEMANTIC_FILTER_SIMILARITY_THRESHOLD", 0.3)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e970c3b576eadf2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:110
    os.getenv("MAX_MCP_SEMANTIC_FILTER_TOOLS_HEADER_LENGTH", 150)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43a99aaf714bf72b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:115
    os.getenv("DEFAULT_SEMANTIC_GUARD_EMBEDDING_MODEL", "text-embedding-3-small")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea2b415d58b7c9b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:118
    os.getenv("DEFAULT_SEMANTIC_GUARD_SIMILARITY_THRESHOLD", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc395802eec2c70e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:123
    os.getenv("MCP_OAUTH2_TOKEN_EXPIRY_BUFFER_SECONDS", "60")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #514ee0bd4aba5e3d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:126
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_MAX_SIZE", "200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecb386448b565d82 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:129
    os.getenv("MCP_OAUTH2_TOKEN_CACHE_DEFAULT_TTL", "3600")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b54f29a2e1b417fc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:135
MCP_NPM_CACHE_DIR = os.getenv("MCP_NPM_CACHE_DIR", "/tmp/.npm_mcp_cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84ef154ec4c39e7b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:136
MCP_OAUTH2_TOKEN_CACHE_MIN_TTL = int(os.getenv("MCP_OAUTH2_TOKEN_CACHE_MIN_TTL", "10"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3862f653f3e07922 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:139
MCP_CLIENT_TIMEOUT = float(os.getenv("LITELLM_MCP_CLIENT_TIMEOUT", "60.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6824adf07b70da44 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:140
MCP_TOOL_LISTING_TIMEOUT = float(os.getenv("LITELLM_MCP_TOOL_LISTING_TIMEOUT", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ba20ddedeb1628 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:141
MCP_METADATA_TIMEOUT = float(os.getenv("LITELLM_MCP_METADATA_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26ad4e9ee75c91eb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:142
MCP_HEALTH_CHECK_TIMEOUT = float(os.getenv("LITELLM_MCP_HEALTH_CHECK_TIMEOUT", "10.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab334df71cf48ea4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:151
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26b416adda1ffb35 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:154
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_PRO", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e76f85dbc18ed8b2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:157
    os.getenv(
        "DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET_GEMINI_2_5_FLASH_LITE", 512
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca1ca321c0eab70c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:169
    os.getenv("DEFAULT_REASONING_EFFORT_MINIMAL_THINKING_BUDGET", 128)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a93b740a4f9476 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:176
    os.getenv("DEFAULT_REASONING_EFFORT_LOW_THINKING_BUDGET", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5caa8da2629beb8 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:179
    os.getenv("DEFAULT_REASONING_EFFORT_MEDIUM_THINKING_BUDGET", 2048)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8633aa665df66109 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:182
    os.getenv("DEFAULT_REASONING_EFFORT_HIGH_THINKING_BUDGET", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24802bc88ef8b5e1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:185
    os.getenv("MAX_TOKEN_TRIMMING_ATTEMPTS", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd6d837838f6055c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:189
    os.getenv("RUNWAYML_DEFAULT_API_VERSION", "2024-11-06")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61f2344dc407b003 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:192
    os.getenv("RUNWAYML_POLLING_TIMEOUT", 600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1078becfb9f0fd08 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:200
AIOHTTP_CONNECTOR_LIMIT = int(os.getenv("AIOHTTP_CONNECTOR_LIMIT", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d14c7bb471d4e47d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:202
    os.getenv("AIOHTTP_CONNECTOR_LIMIT_PER_HOST", 500)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34f9642f6311dd88 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:204
AIOHTTP_KEEPALIVE_TIMEOUT = int(os.getenv("AIOHTTP_KEEPALIVE_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16a569cf45645093 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:205
AIOHTTP_TTL_DNS_CACHE = int(os.getenv("AIOHTTP_TTL_DNS_CACHE", 300))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04ac3770bafafeaf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:218
_max_size_env = os.getenv("REALTIME_WEBSOCKET_MAX_MESSAGE_SIZE_BYTES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908a79e3339e1eb1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:226
DEFAULT_SSL_CIPHERS = os.getenv(
    "LITELLM_SSL_CIPHERS",
    # Priority 1: TLS 1.3 ciphers (fastest, ~50ms handshake)
    "TLS_AES_256_GCM_SHA384:"  # Fastest observed in testing
    "TLS_AES_128_GCM_SHA256:"  # Slightly faster than 256-bit
    "TLS_CHACHA20_POLY1305_SHA256:"  # Fast on ARM/mobile
    # Priority 2: TLS 1.2 ECDHE+GCM (fast, ~100ms handshake, widely supported)
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    # Priority 3: Additional modern ciphers (good balance)
    "ECDHE-RSA-CHACHA20-POLY1305:" "ECDHE-ECDSA-CHACHA20-POLY1305:"
    # Priority 4: Widely compatible fallbacks (slower but universally supported)
    "ECDHE-RSA-AES256-SHA384:"  # Common fallback
    "ECDHE-RSA-AES128-SHA256:"  # Very widely supported
    "AES256-GCM-SHA384:"  # Non-PFS fallback (compatibility)
    "AES128-GCM-SHA256",  # Last resort (maximum compatibility)
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cce30cd31f4a4f2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:256
MAX_REDIS_BUFFER_DEQUEUE_COUNT = int(os.getenv("MAX_REDIS_BUFFER_DEQUEUE_COUNT", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df999238fc3b3d03 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:258
LITELLM_ASYNCIO_QUEUE_MAXSIZE = int(os.getenv("LITELLM_ASYNCIO_QUEUE_MAXSIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14d783abe7d32eff Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:259
TOOL_POLICY_CACHE_TTL_SECONDS = int(os.getenv("TOOL_POLICY_CACHE_TTL_SECONDS", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae0c9f3feab202b6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:263
    os.getenv("MAX_SIZE_IN_MEMORY_QUEUE", int(LITELLM_ASYNCIO_QUEUE_MAXSIZE * 0.8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a8173a8762df5b3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:266
    os.getenv("MAX_IN_MEMORY_QUEUE_FLUSH_COUNT", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc432edf1d9df155 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:270
    os.getenv("MINIMUM_PROMPT_CACHE_TOKEN_COUNT", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f30e09ba47c36ec0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:273
    os.getenv("DEFAULT_TRIM_RATIO", 0.75)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6302c56b20a6478 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:275
HOURS_IN_A_DAY = int(os.getenv("HOURS_IN_A_DAY", 24))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7005e1542dfcbf2a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:276
DAYS_IN_A_WEEK = int(os.getenv("DAYS_IN_A_WEEK", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6ebb478a5e98998 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:277
DAYS_IN_A_MONTH = int(os.getenv("DAYS_IN_A_MONTH", 28))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1799022373d7fa63 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:278
DAYS_IN_A_YEAR = int(os.getenv("DAYS_IN_A_YEAR", 365))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa573dc0736b139a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:280
    os.getenv("REPLICATE_MODEL_NAME_WITH_ID_LENGTH", 64)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc93887f1baa650f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:283
FUNCTION_DEFINITION_TOKEN_COUNT = int(os.getenv("FUNCTION_DEFINITION_TOKEN_COUNT", 9))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ca242cd5358afaf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:284
SYSTEM_MESSAGE_TOKEN_COUNT = int(os.getenv("SYSTEM_MESSAGE_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a231962ffd011067 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:285
TOOL_CHOICE_OBJECT_TOKEN_COUNT = int(os.getenv("TOOL_CHOICE_OBJECT_TOKEN_COUNT", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7e02a20456f0c26 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:287
    os.getenv("DEFAULT_MOCK_RESPONSE_PROMPT_TOKEN_COUNT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900b9ce6fc66f755 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:290
    os.getenv("DEFAULT_MOCK_RESPONSE_COMPLETION_TOKEN_COUNT", 20)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63814c252ed44364 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:293
    os.getenv("MAX_SHORT_SIDE_FOR_IMAGE_HIGH_RES", 768)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90d4fddfbd6d2869 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:296
    os.getenv("MAX_LONG_SIDE_FOR_IMAGE_HIGH_RES", 2000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cf525350e5d1a35 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:298
MAX_TILE_WIDTH = int(os.getenv("MAX_TILE_WIDTH", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3ae9287b772fb12 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:299
MAX_TILE_HEIGHT = int(os.getenv("MAX_TILE_HEIGHT", 512))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c225cf17e6d9d56 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:301
    os.getenv("OPENAI_FILE_SEARCH_COST_PER_1K_CALLS", 2.5 / 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08dbaf41c0fe5a7c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:306
    os.getenv("AZURE_FILE_SEARCH_COST_PER_GB_PER_DAY", 0.1)  # $0.1 USD per 1 GB/Day

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0be3d4da8fc7b4c7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:309
    os.getenv(
        "AZURE_COMPUTER_USE_INPUT_COST_PER_1K_TOKENS", 3.0
    )  # $0.003 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aba0198d973a5d2c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:314
    os.getenv(
        "AZURE_COMPUTER_USE_OUTPUT_COST_PER_1K_TOKENS", 12.0
    )  # $0.012 USD per 1K Tokens

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61fdfc31405a880c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:319
    os.getenv(
        "AZURE_VECTOR_STORE_COST_PER_GB_PER_DAY", 0.1
    )  # $0.1 USD per 1 GB/Day (same as file search)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aa8790a216a33d6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:323
MIN_NON_ZERO_TEMPERATURE = float(os.getenv("MIN_NON_ZERO_TEMPERATURE", 0.0001))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #942a204e53bd7d04 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:326
    os.getenv("REPEATED_STREAMING_CHUNK_LIMIT", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #671d0106bae19f8d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:330
DEFAULT_MAX_LRU_CACHE_SIZE = int(os.getenv("DEFAULT_MAX_LRU_CACHE_SIZE", 64))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa9731f314254066 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:332
INITIAL_RETRY_DELAY = float(os.getenv("INITIAL_RETRY_DELAY", 0.5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64fdb32b7950a7fb Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:333
MAX_RETRY_DELAY = float(os.getenv("MAX_RETRY_DELAY", 8.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c75d4ecc641e28 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:334
JITTER = float(os.getenv("JITTER", 0.75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c195ae60bcd407ea Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:336
    os.getenv("DEFAULT_IN_MEMORY_TTL", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95fd17f9b8a3f85b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:339
    os.getenv("DEFAULT_MAX_REDIS_BATCH_CACHE_SIZE", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd426f9ad0051ccc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:342
    os.getenv("DEFAULT_POLLING_INTERVAL", 0.03)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe7db6b85cccb4f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:344
AZURE_OPERATION_POLLING_TIMEOUT = int(os.getenv("AZURE_OPERATION_POLLING_TIMEOUT", 120))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fee54b3b43b3361 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:346
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_API_VERSION", "2024-11-30")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c743e23104d70c6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:349
    os.getenv("AZURE_DOCUMENT_INTELLIGENCE_DEFAULT_DPI", 96)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42c4790fa4758302 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:351
REDIS_SOCKET_TIMEOUT = float(os.getenv("REDIS_SOCKET_TIMEOUT", 0.1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d73e3f41eedd1f0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:352
REDIS_CONNECTION_POOL_TIMEOUT = int(os.getenv("REDIS_CONNECTION_POOL_TIMEOUT", 5))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52cb0328bb019fea Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:355
DEFAULT_REDIS_MAJOR_VERSION = int(os.getenv("DEFAULT_REDIS_MAJOR_VERSION", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e6573f661b13a2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:357
    os.getenv("NON_LLM_CONNECTION_TIMEOUT", 15)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bd43d592735dc7e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:359
MAX_EXCEPTION_MESSAGE_LENGTH = int(os.getenv("MAX_EXCEPTION_MESSAGE_LENGTH", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fab01c3a517517cf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:360
MAX_STRING_LENGTH_PROMPT_IN_DB = int(os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB", 2048))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c773bcdf341bf20c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:361
BEDROCK_MAX_POLICY_SIZE = int(os.getenv("BEDROCK_MAX_POLICY_SIZE", 75))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce4b700c7ff5c4fe Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:363
    os.getenv("BEDROCK_MIN_THINKING_BUDGET_TOKENS", 1024)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4e86419bbefbd6d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:366
    os.getenv("REPLICATE_POLLING_DELAY_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29f5a3666deb5176 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:369
    os.getenv("DEFAULT_ANTHROPIC_CHAT_MAX_TOKENS", 4096)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30bb3d28acaf4c9e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:371
TOGETHER_AI_4_B = int(os.getenv("TOGETHER_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #568b69ef91432f2b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:372
TOGETHER_AI_8_B = int(os.getenv("TOGETHER_AI_8_B", 8))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #096eb0734833fb88 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:373
TOGETHER_AI_21_B = int(os.getenv("TOGETHER_AI_21_B", 21))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bc396dfb2eb8248 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:374
TOGETHER_AI_41_B = int(os.getenv("TOGETHER_AI_41_B", 41))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae69ace14873885c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:375
TOGETHER_AI_80_B = int(os.getenv("TOGETHER_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6671dad7ed6f99 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:376
TOGETHER_AI_110_B = int(os.getenv("TOGETHER_AI_110_B", 110))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57847999040b860d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:377
TOGETHER_AI_EMBEDDING_150_M = int(os.getenv("TOGETHER_AI_EMBEDDING_150_M", 150))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53a999f601a85b19 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:378
TOGETHER_AI_EMBEDDING_350_M = int(os.getenv("TOGETHER_AI_EMBEDDING_350_M", 350))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #660db999c5883089 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:379
QDRANT_SCALAR_QUANTILE = float(os.getenv("QDRANT_SCALAR_QUANTILE", 0.99))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51bf33f3de8b5caa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:380
QDRANT_VECTOR_SIZE = int(os.getenv("QDRANT_VECTOR_SIZE", 1536))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7162beddae04b79a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:381
CACHED_STREAMING_CHUNK_DELAY = float(os.getenv("CACHED_STREAMING_CHUNK_DELAY", 0.02))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6275524ff58c7f4a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:383
    os.getenv("AUDIO_SPEECH_CHUNK_SIZE", 8192)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d070c2f4ec83b55 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:386
    os.getenv("MAX_SIZE_PER_ITEM_IN_MEMORY_CACHE_IN_KB", 512)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3be832e48b0e45aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:388
DEFAULT_MAX_TOKENS_FOR_TRITON = int(os.getenv("DEFAULT_MAX_TOKENS_FOR_TRITON", 2000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66311fe17cdeb435 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:390
request_timeout: float = float(os.getenv("REQUEST_TIMEOUT", 6000))  # time in seconds

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeb9f66ffd9c0f2d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:392
    os.getenv("DEFAULT_A2A_AGENT_TIMEOUT", 6000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dacb28d181c2742c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:414
    os.getenv("DEFAULT_REPLICATE_GPU_PRICE_PER_SECOND", 0.001400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e7a6b477be26458 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:416
FIREWORKS_AI_56_B_MOE = int(os.getenv("FIREWORKS_AI_56_B_MOE", 56))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d701c58586ec8408 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:417
FIREWORKS_AI_176_B_MOE = int(os.getenv("FIREWORKS_AI_176_B_MOE", 176))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fae93c1453c9ee02 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:418
FIREWORKS_AI_4_B = int(os.getenv("FIREWORKS_AI_4_B", 4))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10479f53272a6f22 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:419
FIREWORKS_AI_16_B = int(os.getenv("FIREWORKS_AI_16_B", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f999a770f5ac77ba Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:420
FIREWORKS_AI_80_B = int(os.getenv("FIREWORKS_AI_80_B", 80))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1b025eec87c5932 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:424
    os.getenv("MAX_LANGFUSE_INITIALIZED_CLIENTS", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #539c5858dbf8d182 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:427
    os.getenv("LOGGING_WORKER_CONCURRENCY", 100)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #889144c42deb62d6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:429
LOGGING_WORKER_MAX_QUEUE_SIZE = int(os.getenv("LOGGING_WORKER_MAX_QUEUE_SIZE", 50_000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d94ddc0f30aa3184 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:431
    os.getenv("LOGGING_WORKER_MAX_TIME_PER_COROUTINE", 20.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c7be3f2edcabc77 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:434
    os.getenv("LOGGING_WORKER_CLEAR_PERCENTAGE", 50)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77494135cb7f75d0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:436
MAX_ITERATIONS_TO_CLEAR_QUEUE = int(os.getenv("MAX_ITERATIONS_TO_CLEAR_QUEUE", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2535ea32b2504070 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:437
MAX_TIME_TO_CLEAR_QUEUE = float(os.getenv("MAX_TIME_TO_CLEAR_QUEUE", 5.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e6545ee368913ae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:439
    os.getenv("LOGGING_WORKER_AGGRESSIVE_CLEAR_COOLDOWN_SECONDS", 0.5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b183a88c71749b6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:441
DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE = os.getenv(
    "DD_TRACER_STREAMING_CHUNK_YIELD_RESOURCE", "streaming.chunk.yield"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57204598aa1f0bbf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:446
    os.getenv("EMAIL_BUDGET_ALERT_TTL", 24 * 60 * 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eee6d2b81d1ad67f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:449
    os.getenv("EMAIL_BUDGET_ALERT_MAX_SPEND_ALERT_PERCENTAGE", 0.8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d1e00438c33ffc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:453
ANTHROPIC_TOKEN_COUNTING_BETA_VERSION = os.getenv(
    "ANTHROPIC_TOKEN_COUNTING_BETA_VERSION", "token-counting-2024-11-01"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de59bed2b2455778 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:471
    os.getenv("DEFAULT_GOOGLE_VIDEO_DURATION_SECONDS", 8)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2b7a5a1ecb05ba3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:476
    os.getenv("DEFAULT_DATAFORSEO_LOCATION_CODE", 2250)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89efc168aa52c538 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1220
    os.getenv("HUMANLOOP_PROMPT_CACHE_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95fb42453aacf0a6 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1227
    os.getenv("PROMETHEUS_BUDGET_METRICS_REFRESH_INTERVAL_MINUTES", 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84752958f9c3300 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1230
    os.getenv("CLOUDZERO_EXPORT_INTERVAL_MINUTES", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b295a5db53e277aa Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1233
MAXIMUM_TRACEBACK_LINES_TO_LOG = int(os.getenv("MAXIMUM_TRACEBACK_LINES_TO_LOG", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a298a65772b398c7 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1256
    os.getenv("MAX_SPENDLOG_ROWS_TO_QUERY", 1_000_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fe85c70935aa646 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1259
    os.getenv("DEFAULT_SOFT_BUDGET", 50.0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95ca28421ae6d3af Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1266
PYTHON_GC_THRESHOLD = os.getenv("PYTHON_GC_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1d72ea81f93a388 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1295
    os.getenv("BATCH_STATUS_POLL_INTERVAL_SECONDS", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4575668115f2f59 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1298
    os.getenv("BATCH_STATUS_POLL_MAX_ATTEMPTS", 24)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f1cc090c1433959 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1302
    os.getenv("HEALTH_CHECK_TIMEOUT_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee4be45b4dd2462b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1309
LITELLM_KEY_ROTATION_ENABLED = os.getenv("LITELLM_KEY_ROTATION_ENABLED", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c801f7118a1cc74c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1311
    os.getenv("LITELLM_KEY_ROTATION_CHECK_INTERVAL_SECONDS", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #810472b36d089130 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1313
LITELLM_KEY_ROTATION_GRACE_PERIOD: str = os.getenv(
    "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
)  # Duration to keep old key valid after rotation (e.g. "24h", "2d"); empty = immediate revoke (default)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0daeeb2c57e03350 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1326
    os.getenv("CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9b687a7121fbe5 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1327
    or os.getenv("LITELLM_CLI_JWT_EXPIRATION_HOURS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2560c350a03d29fd Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1334
LITELLM_UI_SESSION_DURATION = os.getenv("LITELLM_UI_SESSION_DURATION", "24h")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #487ea4fadfd420f3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1341
    os.getenv("CLOUDZERO_MAX_FETCHED_DATA_RECORDS", 50000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95b1bac8533714ea Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1344
SPEND_LOG_RUN_LOOPS = int(os.getenv("SPEND_LOG_RUN_LOOPS", 500))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c3f0755baacd557 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1345
SPEND_LOG_CLEANUP_BATCH_SIZE = int(os.getenv("SPEND_LOG_CLEANUP_BATCH_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ee8ad00c94c864f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1346
SPEND_LOG_QUEUE_SIZE_THRESHOLD = int(os.getenv("SPEND_LOG_QUEUE_SIZE_THRESHOLD", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb5ab3024fe9ca4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1347
SPEND_LOG_QUEUE_POLL_INTERVAL = float(os.getenv("SPEND_LOG_QUEUE_POLL_INTERVAL", 2.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbdce0c75fa8054f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1349
    os.getenv("DEFAULT_CRON_JOB_LOCK_TTL_SECONDS", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #901071b5ccc36ba1 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1352
    os.getenv("PROXY_BUDGET_RESCHEDULER_MIN_TIME", 597)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6db1aeca34c714ae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1354
PROXY_BATCH_POLLING_INTERVAL = int(os.getenv("PROXY_BATCH_POLLING_INTERVAL", 3600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec72cb2f9fe2dfbc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1355
MAX_OBJECTS_PER_POLL_CYCLE = max(1, int(os.getenv("MAX_OBJECTS_PER_POLL_CYCLE", 50)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #910c129ac0812d0a Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1357
    1, int(os.getenv("MANAGED_OBJECT_STALENESS_CUTOFF_DAYS", 7))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86bff93f6b5f3323 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1362
_batch_polling_env = os.getenv("PROXY_BATCH_POLLING_ENABLED", "true").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #063d714602f43cac Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1365
    os.getenv("PROXY_BUDGET_RESCHEDULER_MAX_TIME", 605)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1470a1df54479ea0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1368
    os.getenv("PROXY_BATCH_WRITE_AT", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58554715f57bf840 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1373
APSCHEDULER_COALESCE = os.getenv("APSCHEDULER_COALESCE", "True").lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adaf34409833a3bf Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1378
    os.getenv("APSCHEDULER_MISFIRE_GRACE_TIME", 3600)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35a2601b5439d22b Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1381
    os.getenv("APSCHEDULER_MAX_INSTANCES", 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d94572fe1eae211 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1383
APSCHEDULER_REPLACE_EXISTING = os.getenv(
    "APSCHEDULER_REPLACE_EXISTING", "True"
).lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a13f0b1fdd6a4e57 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1391
    os.getenv("DEFAULT_HEALTH_CHECK_INTERVAL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28b0690cbccf1a53 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1394
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_TTL", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d691800b143fae24 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1397
    os.getenv("DEFAULT_SHARED_HEALTH_CHECK_LOCK_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c65cc0c8fc25112 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1400
    os.getenv("PROMETHEUS_FALLBACK_STATS_SEND_TIME_HOURS", 9)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a7a2d0ac32631b3 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1403
    os.getenv("DEFAULT_MODEL_CREATED_AT_TIME", 1677610602)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #606537383651bac4 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1406
    os.getenv("DEFAULT_SLACK_ALERTING_THRESHOLD", 300)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9f50a1546eee167 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1408
MAX_TEAM_LIST_LIMIT = int(os.getenv("MAX_TEAM_LIST_LIMIT", 20))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f14b57b882905022 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1410
    os.getenv("MAX_POLICY_ESTIMATE_IMPACT_ROWS", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #972058dcee23c0ae Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1413
    os.getenv("DEFAULT_PROMPT_INJECTION_SIMILARITY_THRESHOLD", 0.7)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fdcfeb175c716df Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1415
LENGTH_OF_LITELLM_GENERATED_KEY = int(os.getenv("LENGTH_OF_LITELLM_GENERATED_KEY", 16))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6d56d55e43b270 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1417
    os.getenv("SECRET_MANAGER_REFRESH_INTERVAL", 86400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59da3491c6f7ff12 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1431
    os.getenv("DEFAULT_MANAGEMENT_OBJECT_IN_MEMORY_CACHE_TTL", 60)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #641b9069c841f41e Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1433
DEFAULT_ACCESS_GROUP_CACHE_TTL = int(os.getenv("DEFAULT_ACCESS_GROUP_CACHE_TTL", 600))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a9f066be9a10b0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1503
    os.getenv("COROUTINE_CHECKER_MAX_SIZE_IN_MEMORY", 1000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a2cecf2d4ced78 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1507
DEFAULT_CHUNK_SIZE = int(os.getenv("DEFAULT_CHUNK_SIZE", 1000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf84ac15a81d0d20 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1508
DEFAULT_CHUNK_OVERLAP = int(os.getenv("DEFAULT_CHUNK_OVERLAP", 200))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d32ede8006725fbc Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1511
S3_VECTORS_DEFAULT_DIMENSION = int(os.getenv("S3_VECTORS_DEFAULT_DIMENSION", 1024))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cff3614fd919a3e2 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1513
    os.getenv("S3_VECTORS_DEFAULT_DISTANCE_METRIC", "cosine")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4f1dbd803aef6c Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1519
    os.getenv("MICROSOFT_USER_EMAIL_ATTRIBUTE", "userPrincipalName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c41b80c72ddfad9f Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1522
    os.getenv("MICROSOFT_USER_DISPLAY_NAME_ATTRIBUTE", "displayName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3129433ef741a9b9 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1524
MICROSOFT_USER_ID_ATTRIBUTE = str(os.getenv("MICROSOFT_USER_ID_ATTRIBUTE", "id"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bb1c93d39a0fc23 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1526
    os.getenv("MICROSOFT_USER_FIRST_NAME_ATTRIBUTE", "givenName")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2feee6133ddba786 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1529
    os.getenv("MICROSOFT_USER_LAST_NAME_ATTRIBUTE", "surname")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7efc49fd52f648b0 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1535
    os.getenv("MAX_PAYLOAD_SIZE_FOR_DEBUG_LOG", 102400)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73589b8eecb97b7d Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1539
MAX_COMPETITOR_NAMES = int(os.getenv("MAX_COMPETITOR_NAMES", 100))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1c0ada27084c68 Environment-variable access.
pkgs/python/[email protected]/litellm/constants.py:1540
COMPETITOR_LLM_TEMPERATURE = float(os.getenv("COMPETITOR_LLM_TEMPERATURE", 0.3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2fa2fa4abbba902 Filesystem access.
pkgs/python/[email protected]/litellm/containers/endpoint_factory.py:39
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #329ca1a619be94eb Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:205
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c4babb8e221e01d Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:206
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d81789a3e253f92a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:212
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cfaa32873ea889 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:220
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c90c433bbc5675 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:430
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8e22e2572adc044 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:431
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b65017b4d578859 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:437
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dda9250153a6b6cf Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:445
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91e5a848459f42a3 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:592
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01165e1043746bac Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:593
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f022fb1c98f0a9 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:599
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #756f2a6bb5856273 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:607
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeef98c0cd5e4c9a Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:749
                or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d21210f7d447086 Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:750
                or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a19cf8a32091e6c Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:756
                or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696a34203ee7146b Environment-variable access.
pkgs/python/[email protected]/litellm/fine_tuning/main.py:763
                or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbd83c23770d520a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1120
    base_url={os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a48180fca7c6896 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1165
        webhook_url = os.getenv("WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfdd7c87e0494c2c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1214
            email_logo_url = os.getenv(
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e396e456bf6e3fc2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1215
                "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c3a7f54c39cd3af Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1217
            email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b65a29fd28d97b38 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1243
            base_url = os.getenv("PROXY_BASE_URL", "http://0.0.0.0:4000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #795c0728d201c45d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1316
        email_logo_url = os.getenv(
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #689ac130d88449a1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1317
            "SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8793ea8dd4410bf4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1319
        email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ed722253d0c5552 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1452
                _digest_webhook = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9ae9411aab090ef Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1479
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e9e1cd48796aaf1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1508
            slack_webhook_url = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d64ca916d6496af Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/SlackAlerting/slack_alerting.py:1586
                _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #724c0c85cef0e04c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:23
            api_key=os.getenv("AGENTOPS_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb743da765b15b15 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:24
            service_name=os.getenv("AGENTOPS_SERVICE_NAME", "agentops"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d93605b2f2534fd5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/agentops/agentops.py:25
            deployment_environment=os.getenv("AGENTOPS_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85dfe224e39dcdb4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:63
            float(os.getenv("ARGILLA_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #960d93f0734221ce Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:64
            if os.getenv("ARGILLA_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59dd300e1f056483 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:65
            and os.getenv("ARGILLA_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0c181ece738f63 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:73
            os.getenv("ARGILLA_BATCH_SIZE", None) or litellm.argilla_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3bc81138e1acb57 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:101
        _credentials_api_key = argilla_api_key or os.getenv("ARGILLA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba3879cac0c59816 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:107
            or os.getenv("ARGILLA_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ed4b5cc966a3ff9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:117
            or os.getenv("ARGILLA_DATASET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8151456c4a3e6b4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:238
                float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4fcdb1b004a9ea Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:239
                if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b8a694c0db7c2f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/argilla.py:240
                and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5ae8d98c4920f11 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70e1cae097270427 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/__init__.py:22
    api_key = getattr(litellm_params, "api_key", None) or os.environ.get(
        "PHOENIX_API_KEY"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d563817739305f1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:86
        space_id = os.environ.get("ARIZE_SPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72b7b7b25fd28a51 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:87
        space_key = os.environ.get("ARIZE_SPACE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a28999098dc361a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:88
        api_key = os.environ.get("ARIZE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04692e8c22f043c1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:89
        project_name = os.environ.get("ARIZE_PROJECT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bf5e34e3ce8130c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:91
        grpc_endpoint = os.environ.get("ARIZE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7be5a2eb99c17df1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize.py:92
        http_endpoint = os.environ.get("ARIZE_HTTP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0adb1dfdde8f12d9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:285
        api_key = os.environ.get("PHOENIX_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a973de758eecd232 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:287
        collector_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f89db57c059aad37 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:290
            grpc_endpoint = os.environ.get("PHOENIX_COLLECTOR_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d184d310ae287d5d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:291
            http_endpoint = os.environ.get("PHOENIX_COLLECTOR_HTTP_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92bdb3ae46fb5a31 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/arize/arize_phoenix.py:337
        project_name = os.environ.get("PHOENIX_PROJECT_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #849ba66614aecb27 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:10
        self.athina_api_key = os.getenv("ATHINA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64b9917a102531ab Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/athina.py:16
            os.getenv("ATHINA_BASE_URL", "https://log.athina.ai")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2b738b29aff51651 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/athina.py:90
            response = litellm.module_level_client.post(
                self.athina_logging_url,
                headers=self.headers,
                data=json.dumps(data, default=str),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3e846a052be6c621 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:65
        self.dcr_immutable_id = dcr_immutable_id or os.getenv(
            "AZURE_SENTINEL_DCR_IMMUTABLE_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a435a2aa90d07a46 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:68
        self.stream_name = stream_name or os.getenv(
            "AZURE_SENTINEL_STREAM_NAME", "Custom-LiteLLM"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a61a15c1baaf126 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:71
        self.endpoint = endpoint or os.getenv("AZURE_SENTINEL_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #019e441d8a216349 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:74
            or os.getenv("AZURE_SENTINEL_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e70a3447f822563 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:75
            or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38e9cbf9b805a5d6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:79
            or os.getenv("AZURE_SENTINEL_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dcb7d60442ce7d4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:80
            or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d08e8713380a794 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:84
            or os.getenv("AZURE_SENTINEL_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fd8ca1b5333ef1b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_sentinel/azure_sentinel.py:85
            or os.getenv("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4207662f608a1a76 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:32
            self.tenant_id = os.getenv("AZURE_STORAGE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #780dfdd396441ff4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:33
            self.client_id = os.getenv("AZURE_STORAGE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd3c886672aee727 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:34
            self.client_secret = os.getenv("AZURE_STORAGE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c6d700157707a6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:35
            self.azure_storage_account_key: Optional[str] = os.getenv(
                "AZURE_STORAGE_ACCOUNT_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de0f5677654836e8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:40
            _azure_storage_account_name = os.getenv("AZURE_STORAGE_ACCOUNT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ee0458a9afb7c42 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:46
            _azure_storage_file_system = os.getenv("AZURE_STORAGE_FILE_SYSTEM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ef1d430d7131da43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/azure_storage/azure_storage.py:199
            response = await client.put(f"{base_url}?resource=file", headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #606efd239acaebc9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:48
        self.api_base = api_base or os.getenv("BRAINTRUST_API_BASE") or API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ff1aa85ec7b30c7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:50
        self.api_key: str = api_key or os.getenv("BRAINTRUST_API_KEY")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1736d1397877bae2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:71
        if api_key is None and os.getenv("BRAINTRUST_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ab0d99f6bd5e81c6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:86
            response = self.global_braintrust_sync_http_handler.post(
                f"{self.api_base}/project",
                headers=self.headers,
                json={"name": project_name},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #47777e5f4016e380 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:106
            response = await self.global_braintrust_http_handler.post(
                f"{self.api_base}/project/register",
                headers=self.headers,
                json={"name": project_name},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #25639ea425648190 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:119
        project = await self.global_braintrust_http_handler.post(
            f"{self.api_base}/project", headers=self.headers, json={"name": "litellm"}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e529f90e34a9ee35 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/braintrust_logging.py:128
        project = self.global_braintrust_sync_http_handler.post(
            f"{self.api_base}/project", headers=self.headers, json={"name": "litellm"}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3d824ee387216b81 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/braintrust_mock_client.py:54
_MOCK_LATENCY_SECONDS = float(os.getenv("BRAINTRUST_MOCK_LATENCY_MS", "100")) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf23254dd7cba309 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:37
        self.api_key = api_key or os.getenv("CLOUDZERO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #192f6454e069f7bd Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:38
        self.connection_id = connection_id or os.getenv("CLOUDZERO_CONNECTION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c7abcdedaac539 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cloudzero.py:39
        self.timezone = timezone or os.getenv("CLOUDZERO_TIMEZONE", "UTC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #55144fac8b3786fd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/cloudzero/cz_stream_api.py:191
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ba37f1cbd391645d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:116
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a06aff2c5d4f3303 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:162
        dd_agent_port = os.getenv(
            "LITELLM_DD_AGENT_PORT", "10518"
        )  # default port for logs

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9878fa6c3d6f6cb9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:166
        self.DD_API_KEY = os.getenv("DD_API_KEY")  # Optional when using agent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbf6a4ee8812bea2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:176
        if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e90b8c1f347f96 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:178
        if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ea60cf18e2e26c1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:181
        self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f75f325e35ef0d9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog.py:182
        self.intake_url = f"https://http-intake.logs.{os.getenv('DD_SITE')}/api/v2/logs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d5c8888c55dee60 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:21
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3cf6ce767811b42 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:22
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17ef82d5f43b812d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:23
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5e9275fc73c33592 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_cost_management.py:208
        response = await self.async_client.put(
            self.upload_url, content=data_json, headers=headers
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3bffba96f2d2d318 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:12
    return os.getenv("DD_SOURCE", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcc467bd87a090ba Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:16
    return os.getenv("DD_SERVICE", "litellm-server")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe2495487d792e4c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:20
    return os.getenv("HOSTNAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #230c1ff03df66f8c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:28
    return os.getenv("DD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50a75a2ac403c125 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:32
    return os.getenv("DD_ENV", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4105168c7294648d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:36
    return os.getenv("POD_NAME", "unknown")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88ac21151817307c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_handler.py:47
        "version": os.getenv("DD_VERSION", "unknown"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c92f6d49efe7de9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:63
            dd_agent_host = os.getenv("LITELLM_DD_AGENT_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc7a8d556499e9bf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:68
            self.DD_API_KEY = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #981db9e782f71035 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:74
                if os.getenv("DD_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1369511af3009fd2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:76
                if os.getenv("DD_SITE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8db6170a5e34370c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:109
        agent_port = os.getenv("LITELLM_DD_LLM_OBS_PORT", "8126")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd8d47ac86dffa3b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_llm_obs.py:123
        self.DD_SITE = os.getenv("DD_SITE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53639452a528d7b9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:32
        self.dd_api_key = os.getenv("DD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1cb34c632e1096 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:33
        self.dd_app_key = os.getenv("DD_APP_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abf9a61de303f3d0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:34
        self.dd_site = os.getenv("DD_SITE", "datadoghq.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26507bb2d13b06f8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:76
            f"version:{os.getenv('DD_VERSION', 'unknown')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #cd52b6f42e011eee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/datadog/datadog_metrics.py:239
        response = await self.async_client.post(
            self.upload_url, content=compressed_data, headers=headers  # type: ignore
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e28318ade2d90091 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:24
        api_key = os.getenv("CONFIDENT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44f4de1b15b6f6a7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/deepeval/deepeval.py:25
        self.litellm_environment = os.getenv("LITELM_ENVIRONMENT", "development")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1a7c0683a5f98e7 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:153
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ad314ec3ab5048 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/dotprompt/prompt_manager.py:320
        content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f7373a4ff5d9870 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/dynamodb.py:20
            "dynamodb", region_name=os.environ["AWS_REGION_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de71b65beef74942 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:82
    email_logo_url = os.getenv("SMTP_SENDER_LOGO", os.getenv("EMAIL_LOGO_URL", None))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853b545553d8cf64 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/email_alerting.py:83
    email_support_contact = os.getenv("EMAIL_SUPPORT_CONTACT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b38c68a335e12a43 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:45
                or os.getenv("FOCUS_S3_BUCKET_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89c260b4545fb210 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:47
                or os.getenv("FOCUS_S3_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e30491f6dfbf9a3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:49
                or os.getenv("FOCUS_S3_ENDPOINT_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85c8f8ab47d009f8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:51
                or os.getenv("FOCUS_S3_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fe53f54e12b5a62 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:53
                or os.getenv("FOCUS_S3_SECRET_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b52c9aef9e83551a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:55
                or os.getenv("FOCUS_S3_SESSION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #177194280d3239a5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:63
                or os.getenv("VANTAGE_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94d70da39c1d5851 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:65
                or os.getenv("VANTAGE_INTEGRATION_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59fecdf4af861a79 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/factory.py:67
                or os.getenv("VANTAGE_BASE_URL", "https://api.vantage.sh"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7d4f07ca41ef5e6c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/focus/destinations/vantage_destination.py:165
        await client.post(
            url,
            headers=headers,
            files={"csv": (filename, csv_bytes, "text/csv")},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b1f734db84b0cc6a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:41
        self.provider = (provider or os.getenv("FOCUS_PROVIDER") or "s3").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c500c38ec7647e03 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:43
            export_format or os.getenv("FOCUS_FORMAT") or "parquet"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdda8960b6a626c3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:45
        self.frequency = (frequency or os.getenv("FOCUS_FREQUENCY") or "hourly").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c53aa188a1996eef Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:49
            else int(os.getenv("FOCUS_CRON_OFFSET", "5"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8ab5c6f0d8ffb11 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:54
            else os.getenv("FOCUS_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a528288cd7cf266 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/focus/focus_logger.py:65
        env_prefix = os.getenv("FOCUS_PREFIX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea4403b3dcb844ee Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:40
        self.base_url = os.getenv("GALILEO_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #922afced1a9e87d8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:41
        self.project_id = os.getenv("GALILEO_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #061424c9d608050b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:59
                "username": os.getenv("GALILEO_USERNAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75ae1586a4438ef1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/galileo.py:60
                "password": os.getenv("GALILEO_PASSWORD"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d403790bb1fa71a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:32
        self.batch_size = int(os.getenv("GCS_BATCH_SIZE", GCS_DEFAULT_BATCH_SIZE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8d525e0bd86caa3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:34
            os.getenv("GCS_FLUSH_INTERVAL", GCS_DEFAULT_FLUSH_INTERVAL_SECONDS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3523a4a644bd11c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket.py:37
            os.getenv(
                "GCS_USE_BATCHED_LOGGING", str(GCS_DEFAULT_USE_BATCHED_LOGGING).lower()
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74c8cd8e0b76ad13 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:39
        _path_service_account = os.getenv("GCS_PATH_SERVICE_ACCOUNT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c0f2efc453bef72 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:40
        _bucket_name = bucket_name or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980cc77caf861cc7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_bucket/gcs_bucket_base.py:90
        project_id = os.getenv("GOOGLE_SECRET_MANAGER_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4288725b142d0f84 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:55
        self.project_id = project_id or os.getenv("GCS_PUBSUB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5da6408382992477 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:56
        self.topic_id = topic_id or os.getenv("GCS_PUBSUB_TOPIC_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f69552e921df044 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/gcs_pubsub/pub_sub.py:57
        self.path_service_account_json = credentials_path or os.getenv(
            "GCS_PATH_SERVICE_ACCOUNT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18e239fdaa18d059 Filesystem access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:42
        with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a03a0b7803131dfe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:93
        return os.getenv(env_var_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca5a0cebf0350b64 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:155
        endpoint = endpoint or os.getenv("GENERIC_LOGGER_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11f58d48caee5e6f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/generic_api/generic_api_callback.py:205
        env_headers = os.getenv("GENERIC_LOGGER_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08c6ddb225ca1c61 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:12
        self.greenscale_api_key = os.getenv("GREENSCALE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384a7d4adeab1006 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:17
        self.greenscale_logging_url = os.getenv("GREENSCALE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #acc6588b51d67f40 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/greenscale.py:57
            response = litellm.module_level_client.post(
                self.greenscale_logging_url,
                headers=self.headers,
                data=json.dumps(data, default=str),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #10a5121a9151dcf0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:39
        self.key = os.getenv("HELICONE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8538c497b46a638 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/helicone.py:40
        self.api_base = os.getenv("HELICONE_API_BASE") or "https://api.hconeai.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6d49f1b294057559 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/helicone.py:213
            response = litellm.module_level_client.post(url, headers=headers, json=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dfd811745c762fb2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:53
        if os.getenv("LAGO_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3303854b3bfe6eb7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:56
        if os.getenv("LAGO_API_BASE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a5d2b9ef8e9c5cb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:59
        if os.getenv("LAGO_API_EVENT_CODE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c7e287314165dd3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:92
        if os.getenv("LAGO_API_CHARGE_BY", None) is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c686c4810ed1db4e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:93
            os.environ["LAGO_API_CHARGE_BY"], str

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #911eb7191b51dfdf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:95
            if os.environ["LAGO_API_CHARGE_BY"] in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c49b2c8bbfcb651 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:100
                charge_by = os.environ["LAGO_API_CHARGE_BY"]  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ab2d8bf94bc9a8a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:122
                "code": os.getenv("LAGO_API_EVENT_CODE"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b400dd500abf58c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:133
        _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c23920c3dd2012b1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:142
        api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1196a7da4f1b970 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:167
            _url = os.getenv("LAGO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b64e472e4c309d10 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/lago.py:178
            api_key = os.getenv("LAGO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec234fa5f7d4c00b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:110
        self.secret_key = langfuse_secret or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407d9489604f1dbf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:111
        self.public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43ece2d7d6e67c34 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:112
        self.langfuse_host = langfuse_host or os.getenv(
            "LANGFUSE_HOST", "https://cloud.langfuse.com"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #839c24739cbf8860 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:121
        self.langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80f5f7f2d2578d78 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:122
        self.langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cc46d1c14d9bce Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:153
            os.environ["LANGFUSE_PROJECT_ID"] = "mock-project-id"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26a8ab15e64c36c5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:158
                os.environ["LANGFUSE_PROJECT_ID"] = project_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87d4cbf97586f13e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:162
        if os.getenv("UPSTREAM_LANGFUSE_SECRET_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #286843d01379c957 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:168
            self.upstream_langfuse_secret_key = os.getenv(
                "UPSTREAM_LANGFUSE_SECRET_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051cbcadc717dbe3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:171
            self.upstream_langfuse_public_key = os.getenv(
                "UPSTREAM_LANGFUSE_PUBLIC_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0affb91c91d34db Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:174
            self.upstream_langfuse_host = os.getenv("UPSTREAM_LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff92b48504724a36 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:175
            self.upstream_langfuse_release = os.getenv("UPSTREAM_LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e64148318500f4df Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:176
            self.upstream_langfuse_debug = os.getenv("UPSTREAM_LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e33fcc8da4733556 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:716
                proxy_base_url = os.environ.get("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #143189ae72673e72 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse.py:1030
        return int(os.getenv("LANGFUSE_FLUSH_INTERVAL") or flush_interval)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce97456117f160f1 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:235
        langfuse_environment = os.environ.get("LANGFUSE_TRACING_ENVIRONMENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cf2aeef68c6c7e8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:265
        return os.environ.get("LANGFUSE_OTEL_HOST") or os.environ.get("LANGFUSE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93265f8dd08a607d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:274
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #925ae57c848eb8a5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:275
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5d460b6fcd876ec Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:322
        public_key = os.environ.get("LANGFUSE_PUBLIC_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c566f36ee70a010b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_otel.py:323
        secret_key = os.environ.get("LANGFUSE_SECRET_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4cf8785a27b9af3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:76
        langfuse_secret or langfuse_secret_key or os.getenv("LANGFUSE_SECRET_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3703913606f5cd9f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:78
    public_key = langfuse_public_key or os.getenv("LANGFUSE_PUBLIC_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04708bd62aea8b6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:79
    langfuse_host = langfuse_host or os.getenv(
        "LANGFUSE_HOST", "https://cloud.langfuse.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c5190af6b226ed6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:89
    langfuse_release = os.getenv("LANGFUSE_RELEASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27fb5c35a68a8bb6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langfuse/langfuse_prompt_management.py:90
    langfuse_debug = os.getenv("LANGFUSE_DEBUG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f13cadcc55416fe2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:68
            or float(os.getenv("LANGSMITH_SAMPLING_RATE"))  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c27f93b8faacad4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:69
            if os.getenv("LANGSMITH_SAMPLING_RATE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86ad75f043da80a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:70
            and os.getenv("LANGSMITH_SAMPLING_RATE").strip().isdigit()  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec5b03c7e36afc5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:73
        self.langsmith_default_run_name = os.getenv(
            "LANGSMITH_DEFAULT_RUN_NAME", "LLMRun"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7fc9363824f1615 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:80
            os.getenv("LANGSMITH_BATCH_SIZE", None) or litellm.langsmith_batch_size

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43164c200f277f47 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:95
        _credentials_api_key = langsmith_api_key or os.getenv("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e3577434fbd1717 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:97
            langsmith_project or os.getenv("LANGSMITH_PROJECT") or "litellm-completion"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c89e845278ea624 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:101
            or os.getenv("LANGSMITH_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe2d8d181fd4755 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/langsmith.py:104
        _credentials_tenant_id = langsmith_tenant_id or os.getenv("LANGSMITH_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d375b4f3d0af76 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:52
        api_key = os.environ.get("LEVOAI_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b49bc0955e51ef2 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:53
        org_id = os.environ.get("LEVOAI_ORG_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4855f3946c28c395 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:54
        workspace_id = os.environ.get("LEVOAI_WORKSPACE_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fe816fb7a249e80 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/levo/levo.py:55
        collector_url = os.environ.get("LEVOAI_COLLECTOR_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3d230443e0b67c Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:28
        self.literalai_api_url = os.getenv("LITERAL_API_URL") or literalai_api_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7664a2c05d926b9e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:31
            "x-api-key": literalai_api_key or os.getenv("LITERAL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad3fb7ab2a62cfe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/literal_ai.py:40
        batch_size = os.getenv("LITERAL_BATCH_SIZE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67b60a42c42ee587 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/logfire_logger.py:36
                logfire.configure(token=os.getenv("LOGFIRE_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1037df3199aa07 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:128
        float(os.getenv(latency_env, str(config.default_latency_ms))) / 1000.0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae536676c1a43d0e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/mock_client_factory.py:278
        mock_mode = os.getenv(config.env_var, "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b94ecf2a60e4ffaf Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:46
        if os.getenv("OPENMETER_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f10da3ca12e945dc Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:87
            "type": os.getenv("OPENMETER_EVENT_TYPE", "litellm_tokens"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #982dd07df2b65f7e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:96
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f9fec419d5bcd16 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:102
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896348d6178c58fb Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:122
        _url = os.getenv("OPENMETER_API_ENDPOINT", "https://openmeter.cloud")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d777ed96c982d5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/openmeter.py:128
        api_key = os.getenv("OPENMETER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b9f76e0237c3502 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:52
LITELLM_TRACER_NAME = os.getenv("OTEL_TRACER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f139b798e7aeab4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:53
LITELLM_METER_NAME = os.getenv("LITELLM_METER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28a60a3504db3345 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:54
LITELLM_LOGGER_NAME = os.getenv("LITELLM_LOGGER_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61d8c682e283e167 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:85
            self.service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e650a7644568e3e0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:87
            self.deployment_environment = os.getenv(
                "OTEL_ENVIRONMENT_NAME", "production"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #645c1601c9a8ebd3 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:91
            self.model_id = os.getenv("OTEL_MODEL_ID", self.service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f823ff02174d1eb9 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:106
        exporter = os.getenv(
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aee59b17a754c56b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:107
            "OTEL_EXPORTER_OTLP_PROTOCOL", os.getenv("OTEL_EXPORTER", "console")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7c6b53f5030ca5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:109
        endpoint = os.getenv("OTEL_EXPORTER_OTLP_ENDPOINT", os.getenv("OTEL_ENDPOINT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a07f782bb5a1fc85 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:110
        headers = os.getenv(
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")
        )  # example: OTEL_HEADERS=x-honeycomb-team=B85YgLm96***"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6599f767f9b461f5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:111
            "OTEL_EXPORTER_OTLP_HEADERS", os.getenv("OTEL_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08f067151741d390 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:114
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_METRICS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edca8565d8995b9b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:118
            os.getenv("LITELLM_OTEL_INTEGRATION_ENABLE_EVENTS", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1869b425c959a335 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:121
        service_name = os.getenv("OTEL_SERVICE_NAME", "litellm")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42add460ba65ad97 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:122
        deployment_environment = os.getenv("OTEL_ENVIRONMENT_NAME", "production")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1474a4c38db7a73 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:123
        model_id = os.getenv("OTEL_MODEL_ID", service_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc72045303e773a Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:161
        _debug_otel = str(os.getenv("DEBUG_OTEL", "False")).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a1b6411cf4ef3e Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opentelemetry.py:2119
        otel_logs_exporter = os.getenv("OTEL_LOGS_EXPORTER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8521fab4ca8c63a4 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/opik/utils.py:58
    return os.getenv((env_prefix + key).upper(), None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97f9e482f1f585a6 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:56
            if os.getenv("POSTHOG_API_KEY", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68334a6c1f93f517 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:64
            self.POSTHOG_API_KEY = os.getenv("POSTHOG_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cb173c9eb092534 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/posthog.py:65
            posthog_api_url = os.getenv("POSTHOG_API_URL", "https://us.i.posthog.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ee72e254fc3fd0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prometheus.py:3035
        if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6a559ff949113d Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:15
        self.key = os.getenv("PROMPTLAYER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2b1e1149ff658a18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:50
            request_response = litellm.module_level_client.post(
                "https://api.promptlayer.com/rest/track-request",
                json={
                    "function_name": "openai.ChatCompletion.create",
                    "kwargs": new_kwargs,
                    "tags": tags,
                    "request_response": dict(response_obj),
                    "request_start_time": int(start_time.timestamp()),
                    "request_end_time": int(end_time.timestamp()),
                    "api_key": self.key,
                    # Optional params for PromptLayer
                    # "prompt_id": "<PROMPT ID>",
                    # "prompt_input_variables": "<Dictionary of variables for prompt>",
                    # "prompt_version":1,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9f2e0f1bb5668137 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/prompt_layer.py:77
                    response = litellm.module_level_client.post(
                        "https://api.promptlayer.com/rest/track-metadata",
                        json={
                            "request_id": response_json["request_id"],
                            "api_key": self.key,
                            "metadata": metadata,
                        },
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #99a988832c2c06c3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:375
            response = await self.async_httpx_client.put(
                url, data=json_string, headers=signed_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #939fc2497f609075 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/s3_v2.py:554
            response = httpx_client.put(url, data=json_string, headers=signed_headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #27255f32b867cb5e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/integrations/sqs.py:361
            response = await self.async_httpx_client.post(
                self.sqs_queue_url,
                data=body,
                headers=signed_headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a0d5752b2b078051 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:18
        self.supabase_url = os.getenv("SUPABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dab0fae6b332fca8 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/supabase.py:19
        self.supabase_key = os.getenv("SUPABASE_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c94b36a887c6529b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:46
        resolved_api_key = api_key or os.getenv("VANTAGE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ded0c7d6b26c15b7 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:47
        resolved_token = integration_token or os.getenv("VANTAGE_INTEGRATION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bd69105917c6f37 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:48
        resolved_base_url = base_url or os.getenv(
            "VANTAGE_BASE_URL", "https://api.vantage.sh"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae4c253376309eb5 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:52
            frequency or os.getenv("VANTAGE_EXPORT_FREQUENCY") or "hourly"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #705b2ea3ca146b0f Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/vantage/vantage_logger.py:55
        raw_interval = interval_seconds or os.getenv("VANTAGE_EXPORT_INTERVAL_SECONDS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc034d1fc39eafe Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:140
    api_key = os.getenv("WANDB_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58028abb844bbc36 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:141
    project_id = os.getenv("WANDB_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7e9342a99c7e2d0 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:142
    host = os.getenv("WANDB_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a038a5d08d78c8b Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:169
    os.environ["OTEL_EXPORTER_OTLP_ENDPOINT"] = endpoint

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84f19aa44751373 Environment-variable access.
pkgs/python/[email protected]/litellm/integrations/weave/weave_otel.py:170
    os.environ["OTEL_EXPORTER_OTLP_HEADERS"] = otlp_auth_headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a22e78b6a4b648 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:59
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdfef4d13eefcc91 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:71
                with open(str(content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #697223267ad68bf4 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:154
                with open(str(file_content_obj), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e4a20329655bd45 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:204
    return open(file_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #677f554f32ad4663 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/audio_utils/utils.py:234
            with open(str(file), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1012cee07cc536 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/cli_token_utils.py:28
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5183e57686d0e16 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:21
custom_cache_dir = os.getenv("CUSTOM_TIKTOKEN_CACHE_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5282e50b039a38fa Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/default_encoding.py:29
os.environ["TIKTOKEN_CACHE_DIR"] = cache_dir  # use local copy of tiktoken b/c of - https://github.com/BerriAI/litellm/issues/1071

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04bcab8abddacce Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/env_utils.py:14
    raw = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fda983ba9e66bea4 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:54
            files("litellm").joinpath("blog_posts.json").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc1e403f02f7d901 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_blog_posts.py:96
        if os.getenv("LITELLM_LOCAL_BLOG_POSTS", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b303072abfa2e6f Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:40
            files("litellm")
            .joinpath("model_prices_and_context_window_backup.json")
            .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e02e9d6fbbd4fee Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/get_model_cost_map.py:258
    if os.getenv("LITELLM_LOCAL_MODEL_COST_MAP", "").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e0c4abc312e9d2c Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3512
                    os.environ.get("SENTRY_API_TRACE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0329f3f1773c6a67 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3513
                    if "SENTRY_API_TRACE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e67982776e16078 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3517
                    os.environ.get("SENTRY_API_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f70c5843d0bb1c84 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3518
                    if "SENTRY_API_SAMPLE_RATE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d7a8bf39485ea60 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3522
                    dsn=os.environ.get("SENTRY_DSN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d26c43ed9d06ab Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3531
                    environment=os.environ.get("SENTRY_ENVIRONMENT", "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70cbd9cb5ccefbc8 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3545
                    token=os.environ.get("SLACK_API_TOKEN"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b81756e327e2ae22 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3546
                    signing_secret=os.environ.get("SLACK_API_SECRET"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcd8670b8b05c251 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3548
                alerts_channel = os.environ["SLACK_API_CHANNEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e3379661c27639 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3774
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4db4feb22698ec11 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3799
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b732c30f3810f5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3802
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2670b5472006c9db Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3806
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45f7c3602545cf0a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3811
            phoenix_project_name = os.environ.get("PHOENIX_PROJECT_NAME", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a5482a2a385dd8a Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3813
                existing_attrs = os.environ.get("OTEL_RESOURCE_ATTRIBUTES", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3f9ddff3ca83d3 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3816
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65aa49d3f64137a5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3820
                    os.environ["OTEL_RESOURCE_ATTRIBUTES"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab1dcb494a39ef4e Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3826
                os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c94bc15b0edff19 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3930
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60194817f977e528 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3937
            logfire_base_url = os.getenv(
                "LOGFIRE_BASE_URL", "https://logfire-api.pydantic.dev"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43c8f7af8cc31697 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:3943
                headers=f"Authorization={os.getenv('LOGFIRE_TOKEN')}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e5743ab9aaacfcb Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4001
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e8b7021a5fa7ad1 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4013
            os.environ["OTEL_EXPORTER_OTLP_TRACES_HEADERS"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0acdca095ea0fd13 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4014
                f"api_key={os.getenv('LANGTRACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cc67200c4b163aa Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4220
    if not any(os.environ.get(v) for v in phoenix_env_vars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #297521a110acefe1 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4373
            if "ARIZE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe399bdac4a5ffdc Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4382
            if "LOGFIRE_TOKEN" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4188abddf8a190c8 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:4411
            if "LANGTRACE_API_KEY" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1503f7e8105689b5 Environment-variable access.
pkgs/python/[email protected]/litellm/litellm_core_utils/litellm_logging.py:5493
    if os.getenv("LITELLM_PRINT_STANDARD_LOGGING_PAYLOAD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31e26504b8943e88 Filesystem access.
pkgs/python/[email protected]/litellm/litellm_core_utils/prompt_templates/common_utils.py:643
        with open(file_content, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #211fa41a4c8f7600 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:87
        response = await client.post(
            api_base, headers=headers, data=data, stream=True, timeout=timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4f5dcacb25cf7860 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:140
        response = client.post(
            api_base, headers=headers, data=data, stream=True, timeout=timeout
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bb014eb115d016ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/chat/handler.py:461
                    response = client.post(
                        api_base,
                        headers=headers,
                        data=json.dumps(data),
                        timeout=timeout,
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #04ff956467970527 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/handler.py:89
            response = await async_client.post(
                endpoint_url,
                headers=headers,
                json=request_body,
                timeout=request_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #137b5ce2384b2748 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/count_tokens/token_counter.py:60
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b9af62845dc061 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/anthropic/experimental_pass_through/messages/transformation.py:152
            api_key = os.getenv("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44aba108491968b0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:183
    azure_authority_host = os.getenv(
        "AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e83c79f984c1d4a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:186
    azure_client_id = azure_client_id or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f092497e2fde0fb9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:187
    azure_tenant_id = azure_tenant_id or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0119574443769f9c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:217
    req_token = client.post(
        f"{azure_authority_host}/{azure_tenant_id}/oauth2/v2.0/token",
        data={
            "client_id": azure_client_id,
            "grant_type": "client_credentials",
            "scope": scope,
            "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            "client_assertion": oidc_token,
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b0ef0dc8b03d4069 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:302
    tenant_id = litellm_params.get("tenant_id") or os.getenv("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c75ee220f4638240 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:303
    client_id = litellm_params.get("client_id") or os.getenv("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e72f0c88f8ece01e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:304
    client_secret = litellm_params.get("client_secret") or os.getenv(
        "AZURE_CLIENT_SECRET"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf5a97eea56d918b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:307
    azure_username = litellm_params.get("azure_username") or os.getenv("AZURE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aaa61c02d25399e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:308
    azure_password = litellm_params.get("azure_password") or os.getenv("AZURE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2e694defc4d4d59 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:309
    scope = litellm_params.get("azure_scope") or os.getenv(
        "AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fadfe75fde31c7f3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:613
            api_version = os.getenv(
                "AZURE_API_VERSION", litellm.AZURE_DEFAULT_API_VERSION
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fb37b469d450817 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:668
        tenant_id = litellm_params.get("tenant_id", os.getenv("AZURE_TENANT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae443db5cddbe9a2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:669
        client_id = litellm_params.get("client_id", os.getenv("AZURE_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49b3617633c5ed49 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:672
            os.getenv("AZURE_SCOPE", "https://cognitiveservices.azure.com/.default"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ba7828874786a74 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure/common_utils.py:814
        return os.getenv(env_var_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6ec2ee82ed11cd16 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/handler.py:94
            response = await async_client.post(
                endpoint_url,
                headers=headers,
                json=request_body,
                timeout=request_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #211886a371db7635 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:62
            api_key = os.getenv("AZURE_AI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a48c6ebfc3731ef1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/count_tokens/token_counter.py:67
            api_base = os.getenv("AZURE_AI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #90e0bd9960b44862 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/azure_ai/anthropic/handler.py:191
                    response = client.post(
                        api_base,
                        headers=headers,
                        data=json.dumps(data),
                        timeout=timeout,
                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #587cd4e24b115fb9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:140
                if key.upper() in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d5212a93f8c002c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:141
                    params_to_check[i] = os.getenv(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90c5a779f3242959 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:618
        current_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #559772e735c03964 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:619
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87b9faafdc89da3c Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:747
        with open(web_identity_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c50388188be2b5dc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:895
        web_identity_token_file = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed86bfb99fd6b10a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:896
        irsa_role_arn = os.getenv("AWS_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65b3d8e3d8924e8d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:900
            or os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba15722668be013 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/base_aws_llm.py:901
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0085e87fd2de9705 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:107
        output_bucket = litellm_params.get("s3_output_bucket_name") or os.getenv(
            "AWS_S3_OUTPUT_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c83baae0eabf26 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/batches/transformation.py:118
            or os.getenv("AWS_BATCH_ROLE_ARN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4c63a126faf8a4c0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/agentcore/transformation.py:624
        response = client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body else json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #634fde606a0f6399 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/agentcore/transformation.py:842
        response = await client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body else json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #738f0dc5e31bf7e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/converse_handler.py:40
    response = client.post(
        api_base,
        headers=headers,
        data=data,
        stream=not fake_stream,
        logging_obj=logging_obj,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2893b2cb31290e29 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:209
        response = await client.post(
            api_base,
            headers=headers,
            data=data,
            stream=not fake_stream,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #107d7cea3fd9ea59 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:303
        response = client.post(
            api_base,
            headers=headers,
            data=signed_json_body if signed_json_body is not None else data,
            stream=not fake_stream,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9ac0ca51a17a751c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/chat/invoke_handler.py:1180
            response = await client.post(
                api_base,
                headers=headers,
                data=data,
                timeout=timeout,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7ede655e894bfbce Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/common_utils.py:1118
            or os.getenv(bucket_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b292f1e0053ee355 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bedrock/count_tokens/handler.py:91
            response = await async_client.post(
                endpoint_url,
                headers=signed_headers,
                data=signed_body,
                timeout=30.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8453524286a1588d Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:93
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbcdd5289d10005 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:168
        bucket_name = litellm_params.get("s3_bucket_name") or os.getenv(
            "AWS_S3_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dc283cd4c3484a4 Filesystem access.
pkgs/python/[email protected]/litellm/llms/bedrock/files/transformation.py:753
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ff59fcb58cc68c3 Filesystem access.
pkgs/python/[email protected]/litellm/llms/black_forest_labs/image_edit/transformation.py:215
                with open(image, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a993b4c301e92830 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bytez/chat/transformation.py:265
            response = client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5d54a115aa8633f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/bytez/chat/transformation.py:309
            response = await client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #66cb9e59bb3d7459 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:33
        self.token_dir = os.getenv(
            "CHATGPT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/chatgpt"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #923b0524111ad8ed Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:38
            self.token_dir, os.getenv("CHATGPT_AUTH_FILE", "auth.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3031ec989db4a078 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:44
            os.getenv("CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3df22373ad12d8ad Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:45
            or os.getenv("OPENAI_CHATGPT_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0141d62397076d52 Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:95
            with open(self.auth_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #116139a03b61f756 Filesystem access.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:105
            with open(self.auth_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c6cd69e0df6555ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:178
            resp = client.post(
                CHATGPT_DEVICE_CODE_URL,
                json={"client_id": CHATGPT_CLIENT_ID},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #beea405a4ad4e6de Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:217
                resp = client.post(
                    CHATGPT_DEVICE_TOKEN_URL,
                    json={
                        "device_auth_id": device_code["device_auth_id"],
                        "user_code": device_code["user_code"],
                    },
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #845bc3b0c2b49370 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:271
            resp = client.post(
                CHATGPT_OAUTH_TOKEN_URL,
                headers={"Content-Type": "application/x-www-form-urlencoded"},
                content=body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #209daef92dc1b481 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/chatgpt/authenticator.py:305
            resp = client.post(
                CHATGPT_OAUTH_TOKEN_URL,
                json={
                    "client_id": CHATGPT_CLIENT_ID,
                    "grant_type": "refresh_token",
                    "refresh_token": refresh_token,
                    "scope": "openid profile email",
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #83d51f0d2d00371c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:152
    term_program = os.getenv("TERM_PROGRAM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #645da8ab4edf58c7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:154
        version = os.getenv("TERM_PROGRAM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06a4ac2103a4e2ae Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:158
    wezterm_version = os.getenv("WEZTERM_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee18bf95bd766423 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:164
        os.getenv("ITERM_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #411b596dd46bc7cc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:165
        or os.getenv("ITERM_PROFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6637b5e88a83ecb8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:166
        or os.getenv("ITERM_PROFILE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7054524608b5d44b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:170
    if os.getenv("TERM_SESSION_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d1a56f426c55fcc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:173
    if os.getenv("KITTY_WINDOW_ID") or "kitty" in (os.getenv("TERM") or ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1234229fc45d959 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:176
    if os.getenv("ALACRITTY_SOCKET") or os.getenv("TERM") == "alacritty":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a957017d6587d8e7 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:179
    konsole_version = os.getenv("KONSOLE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dee3d4004e6f2a88 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:184
    if os.getenv("GNOME_TERMINAL_SCREEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd5a56982507e803 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:187
    vte_version = os.getenv("VTE_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7b82900e924852d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:192
    if os.getenv("WT_SESSION"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c54b39e71b4f11db Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:195
    term = os.getenv("TERM")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baac40f0ff5e4380 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:212
    originator = os.getenv("CHATGPT_ORIGINATOR") or DEFAULT_ORIGINATOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b02d3108ed86705c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:217
    override = os.getenv("CHATGPT_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb67290d9f60693a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:225
    suffix = os.getenv("CHATGPT_USER_AGENT_SUFFIX", "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cfd73474ceb6aed Environment-variable access.
pkgs/python/[email protected]/litellm/llms/chatgpt/common_utils.py:255
    return os.getenv("CHATGPT_DEFAULT_INSTRUCTIONS") or CHATGPT_DEFAULT_INSTRUCTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eb0a08c754f9c161 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/codestral/completion/handler.py:62
    response = await client.post(api_base, headers=headers, data=data, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #75011824a156275a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/codestral/completion/handler.py:303
            response = litellm.module_level_client.post(
                completion_url,
                headers=headers,
                data=json.dumps(data),
                stream=stream,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bc9961ac4844c962 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/cohere/embed/handler.py:86
        response = await client.post(api_base, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #23f97065246458e2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/cohere/embed/handler.py:174
    response = client.post(embed_url, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #086056e833d2b238 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/aiohttp_transport.py:353
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRUST_ENV", "False"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54cc09538aa3d0a2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/container_handler.py:44
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a350e8245b2ad48 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:62
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ad0a58b05359bcd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:189
        ssl_verify = os.getenv("SSL_VERIFY", litellm.ssl_verify)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a057a8047329e69 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:204
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #658ba57c628ef522 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:246
    ssl_security_level = os.getenv("SSL_SECURITY_LEVEL", litellm.ssl_security_level)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c783c7fd72d026c6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:247
    ssl_ecdh_curve = os.getenv("SSL_ECDH_CURVE", litellm.ssl_ecdh_curve)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e96ae8157987d93 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:253
        ssl_cert_file = os.getenv("SSL_CERT_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a224a70503c555b4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:377
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e336665c2be47ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:787
            or str_to_bool(os.getenv("DISABLE_AIOHTTP_TRANSPORT", "False")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5088d1271e09c1dc Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:849
        if str_to_bool(os.getenv("AIOHTTP_TRUST_ENV", "False")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #961a2b4018f5c720 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/http_handler.py:934
        cert = os.getenv("SSL_CERTIFICATE", litellm.ssl_certificate)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ef3948cf8e2801f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:19
    user_agent = os.environ.get("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0f422b9c70a22065 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/custom_httpx/httpx_handler.py:56
            response = await self.client.post(
                url, data=data, params=params, headers=headers  # type: ignore
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #23cc33d238a9db20 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:168
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1853129f057517cd Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/chat/transformation.py:169
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0dcade229d79ee5b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:238
            response = requests.post(
                token_url,
                data={
                    "grant_type": "client_credentials",
                    "scope": "all-apis",
                },
                auth=(client_id, client_secret),
                headers={"Content-Type": "application/x-www-form-urlencoded"},
                timeout=30,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #309d8f3fedb8a798 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:340
        client_id = os.getenv("DATABRICKS_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98e240a1933c717a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:341
        client_secret = os.getenv("DATABRICKS_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ea3069e3d68a6c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/common_utils.py:345
            api_base = os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c45adc98fb01cd82 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:36
            or os.getenv("LITELLM_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc262b4fee64ad64 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/embed/handler.py:37
            or os.getenv("DATABRICKS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d65a8bd3ba8bb29 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:48
        api_key = litellm_params.api_key or os.getenv("DATABRICKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de99ec71aa258532 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:49
        api_base = litellm_params.api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef36f1c52ff6bbcb Environment-variable access.
pkgs/python/[email protected]/litellm/llms/databricks/responses/transformation.py:71
        api_base = api_base or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8915a22274f266f2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/deprecated_providers/aleph_alpha.py:240
    response = litellm.module_level_client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #60083bfd62c26524 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/authenticator.py:176
        response = client.post(auth_url, headers=headers, data=data, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #11b200faaa2d7628 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/authenticator.py:211
        response = await client.post(auth_url, headers=headers, data=data, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cb84d9c03b1c5200 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/file_handler.py:124
        response = client.post(
            upload_url,
            headers={"Authorization": f"Bearer {access_token}"},
            files={"file": (filename, content_bytes, content_type)},
            data={"purpose": "general"},
            timeout=60,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f36ba9ac72e5f71b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/gigachat/file_handler.py:192
        response = await client.post(
            upload_url,
            headers={"Authorization": f"Bearer {access_token}"},
            files={"file": (filename, content_bytes, content_type)},
            data={"purpose": "general"},
            timeout=60,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ff3f91e9ba4df861 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:31
        self.token_dir = os.getenv(
            "GITHUB_COPILOT_TOKEN_DIR",
            os.path.expanduser("~/.config/litellm/github_copilot"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59380ad6ab026484 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:37
            os.getenv("GITHUB_COPILOT_ACCESS_TOKEN_FILE", "access-token"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebdcf32ffb19bd49 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:40
            self.token_dir, os.getenv("GITHUB_COPILOT_API_KEY_FILE", "api-key.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42c4b3c361310994 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:55
            with open(self.access_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90733b75ee74d5fe Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:69
                    with open(self.access_token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd194c304de80cb Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:94
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dde8c4871a14f8a8 Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:113
            with open(self.api_key_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #078b3ddf8b7bf98b Filesystem access.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:143
            with open(self.api_key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f7a021d2220d2c42 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:235
            resp = sync_client.post(
                GITHUB_DEVICE_CODE_URL,
                headers=self._get_github_headers(),
                json={"client_id": GITHUB_CLIENT_ID, "scope": "read:user"},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dfe524d14da6db1d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/github_copilot/authenticator.py:289
                resp = sync_client.post(
                    GITHUB_ACCESS_TOKEN_URL,
                    headers=self._get_github_headers(),
                    json={
                        "client_id": GITHUB_CLIENT_ID,
                        "device_code": device_code,
                        "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
                    },
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e2ca3fff540beb1f Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:57
        api_base = api_base or os.getenv("HEROKU_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6033d81536910611 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/heroku/chat/transformation.py:58
        api_key = api_key or os.getenv("HEROKU_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5907d2227f97ebc5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:82
            base_url = os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #167da4e8345b2675 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:102
        elif os.getenv("HF_API_BASE") or os.getenv("HUGGINGFACE_API_BASE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db0424edca0154de Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:103
            complete_url = str(os.getenv("HF_API_BASE")) or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88ea6d869aaf57b3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/chat/transformation.py:104
                os.getenv("HUGGINGFACE_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a33e13a0c050c86b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:76
    if os.getenv("HUGGINGFACE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2daa13f0a78c1668 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/common_utils.py:77
        headers["Authorization"] = f"Bearer {os.getenv('HUGGINGFACE_API_KEY')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #03ca7a74f305c2fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:296
        response = await client.post(api_base, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c333efeef79836c8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:355
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d84194dc1b73999 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:356
            embed_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5eff3e051d60c21 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:357
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45a42707b2c284e8 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:358
            embed_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #54acdb4906529bf3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/handler.py:403
        response = client.post(embed_url, headers=headers, data=json.dumps(data))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6d561a10569324a9 Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:164
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3434ac5c9f1e4cd3 Filesystem access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:178
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd8f6e1ddcaa62d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:343
        elif "HF_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ae872dfdf2bb6e5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:344
            completion_url = os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f4cab74d537335e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:345
        elif "HUGGINGFACE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e21264a23ec6096 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/embedding/transformation.py:346
            completion_url = os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c77722bde8771b1 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:56
        elif os.getenv("HF_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ada8156c5e8bffdf Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:57
            return os.getenv("HF_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97702ac07f1432e9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:58
        elif os.getenv("HUGGINGFACE_API_BASE") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b195157550fec9c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/huggingface/rerank/transformation.py:59
            return os.getenv("HUGGINGFACE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #739f482a876bed2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/langgraph/chat/transformation.py:301
        response = client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c89a68f4c2e90fe7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/langgraph/chat/transformation.py:366
        response = await client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a616b00c1fb8b99b Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:101
                        with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa6997087875ab2 Filesystem access.
pkgs/python/[email protected]/litellm/llms/litellm_proxy/skills/sandbox_executor.py:243
                        with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e27d08038aee3973 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/nlp_cloud/chat/handler.py:77
    response = client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4ae6c91f6364bdd6 Filesystem access.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:161
        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a341546ff096b345 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:1097
            response = client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f4a252ad52b7ff45 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oci/chat/transformation.py:1142
            response = await client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
                stream=True,
                logging_obj=logging_obj,
                timeout=STREAMING_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4d193dcf24af28b3 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/common_utils.py:68
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63a714d09e876ec5 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/ollama/completion/transformation.py:220
            os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #97cc0aa7e80bed9a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oobabooga/chat/oobabooga.py:65
    response = client.post(
        completion_url,
        headers=headers,
        data=json.dumps(data),
        stream=optional_params["stream"] if "stream" in optional_params else False,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3d769d424af00b49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/oobabooga/chat/oobabooga.py:129
    response = litellm.module_level_client.post(
        embeddings_url, headers=headers, json=data
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9537958f2e013929 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:273
        or os.getenv("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a12903c3caea33e9 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:274
        or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fc8ac60c77a817d Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:280
        or os.getenv("OPENAI_ORGANIZATION", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #946a03dad97f4868 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/common_utils.py:284
        api_key or litellm.api_key or litellm.openai_key or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c8e36517b93b588e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/handler.py:73
            response = await async_client.post(
                endpoint_url,
                headers=headers,
                json=request_body,
                timeout=request_timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f0ee980f2c76d913 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/openai/responses/count_tokens/token_counter.py:54
            api_key = os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3e684b386ec09df8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:40
    response = await client.post(
        api_base, headers=headers, data=data, stream=not fake_stream
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fa9f752f9b17a35d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:81
    response = client.post(
        api_base, headers=headers, data=data, stream=not fake_stream, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #75e1767b987e566b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/chat/handler.py:187
            response = await client.post(
                api_base, headers=headers, data=json.dumps(data), timeout=timeout
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bb81e87d96a7de43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/embedding/handler.py:47
                response = await async_client.post(
                    api_base,
                    headers=headers,
                    data=json.dumps(data),
                )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #99847f0a7225b497 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/openai_like/embedding/handler.py:129
            response = self.client.post(
                api_base,
                headers=headers,
                data=json.dumps(data),
            )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a0c7b02d29b6c379 Filesystem access.
pkgs/python/[email protected]/litellm/llms/openai_like/json_loader.py:47
            with open(json_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #460494cd5fad2dc8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/petals/completion/handler.py:69
        response = client.post(api_base, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9a757e95b0c9a03b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:40
    response = await client.post(
        api_base, headers=headers, data=data, stream=True, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cc437735050ef534 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:254
        elif "PREDIBASE_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #332451c319deeb74 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:255
            base_url = os.getenv("PREDIBASE_API_BASE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4dab6e27cc66d8f5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/predibase/chat/handler.py:344
            response = litellm.module_level_client.post(
                completion_url,
                headers=headers,
                data=json.dumps(data),
                stream=stream,
                timeout=timeout,  # type: ignore
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8bcc9c68c0451333 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/chat/transformation.py:138
            response = client.post(
                api_base,
                headers=headers,
                data=signed_json_body if signed_json_body is not None else data,
                stream=True,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #56447269738102b4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/chat/transformation.py:192
            response = await client.post(
                api_base,
                headers=headers,
                data=signed_json_body if signed_json_body is not None else data,
                stream=True,
                logging_obj=logging_obj,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7a88ed8b237ccd80 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sagemaker/completion/handler.py:370
            response = await client.post(
                api_base,
                headers=headers,
                data=data,
                stream=True,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c94f99698de9b401 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:28
    return os.getenv(HOME_PATH_ENV_VAR, DEFAULT_HOME_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f8459f93861ff2c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:41
    raw = os.environ.get(var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8b75402ea317b1e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:113
    profile = profile or os.environ.get(PROFILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f21cdaecd926ff80 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:114
    cfg_env = os.getenv(CONFIG_FILE_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f11c72521921883 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:196
    env = os.environ  # snapshot for testability

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a8dfd79fdfbbb308 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:289
        resp = client.post(auth_url, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f30467c90d7d2314 Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:312
                with open(cert_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a16a047a28b80f Filesystem access.
pkgs/python/[email protected]/litellm/llms/sap/credentials.py:314
                with open(key_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #14057ae1954cadff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/together_ai/rerank/handler.py:51
        response = client.post(
            "https://api.together.xyz/v1/rerank",
            headers={
                "accept": "application/json",
                "content-type": "application/json",
                "authorization": f"Bearer {api_key}",
            },
            json=request_data_dict,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6dfb644998015b33 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/together_ai/rerank/handler.py:77
        response = await client.post(
            "https://api.together.xyz/v1/rerank",
            headers={
                "accept": "application/json",
                "content-type": "application/json",
                "authorization": f"Bearer {api_key}",
            },
            json=request_data_dict,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7abca0b44e715ebd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/agent_engine/transformation.py:395
        response = client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a42832b517a042cc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/agent_engine/transformation.py:459
        response = await client.post(
            api_base,
            headers=headers,
            data=json.dumps(data),
            stream=True,
            logging_obj=logging_obj,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d414daa5fbdf46ce Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:98
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5728de7f8ba1cba2 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:171
            or os.getenv("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa691fdc4f48d8a1 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/files/transformation.py:575
            with open(str(file_content), "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d6771bf708005854 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:2392
        response = await client.post(
            api_base, headers=headers, data=data, stream=True, logging_obj=logging_obj
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #49d7afd3e7e8cf8c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:2441
    response = client.post(
        api_base, headers=headers, data=data, stream=True, logging_obj=logging_obj
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6a4965f0477d7fc6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/gemini/vertex_and_google_ai_studio_gemini.py:2664
            response = await client.post(
                api_base,
                headers=headers,
                json=cast(dict, request_body),
                logging_obj=logging_obj,
            )  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b1a4a38feae9e703 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:69
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de2d52a347ee32a0 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:77
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e111d1f5238158 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:78
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49fc063380c2b1b6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:87
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #082c0e285561f979 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py:89
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10aa053cd18936b6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:77
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d07161d9198112d4 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:85
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9452b4f0bfc60a01 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:86
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88180d1ea9f5df64 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:95
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b262c7b036bd102 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:97
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59ade39cce121e20 Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py:357
            return path_obj.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #547efed942a6695a Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:101
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb43ce1365728690 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:109
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a2712339b050e20 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:110
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caa1fbb56a3a2822 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:119
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc5307ebc5f40f0e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py:121
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5f8bbab8a10b38c Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:87
            or os.environ.get("VERTEXAI_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec820a4ec4781c5b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:95
            or os.environ.get("VERTEXAI_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f54157b6d04cf11e Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:96
            or os.environ.get("VERTEX_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ffa9dff661a6fa6 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:105
            or os.environ.get("VERTEXAI_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d13601b3bb97ded Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py:107
            or os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #40b735d9890eb462 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/multimodal_embeddings/embedding_handler.py:171
            response = await client.post(api_base, headers=headers, json=data)  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4b7868b1875ab390 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a454ed6d16c865aa Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:93
        self.gcs_bucket = self.vector_store_config.get("gcs_bucket") or os.environ.get(
            "GCS_BUCKET_NAME"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #029cbd3b872a61ad Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:135
        original_bucket = os.environ.get("GCS_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6087156224b68217 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:137
            os.environ["GCS_BUCKET_NAME"] = self.gcs_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a151f84270575956 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:166
                os.environ["GCS_BUCKET_NAME"] = original_bucket

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa6a75cdb5a564ea Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:167
            elif "GCS_BUCKET_NAME" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32545805d235b00b Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/rag_engine/ingestion.py:168
                del os.environ["GCS_BUCKET_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e832b979c0d25a47 Environment-variable access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_non_gemini.py:157
                f"VERTEX AI: creds={creds}; google application credentials: {os.getenv('GOOGLE_APPLICATION_CREDENTIALS')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bbaa825e1377bf5c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_ai_partner_models/count_tokens/handler.py:140
        response = await async_client.post(
            endpoint_url,
            headers=headers,
            json=request_data,
            timeout=30.0,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #feddd01014c1b1de Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_embeddings/embedding_handler.py:212
            response = await client.post(api_base, headers=headers, json=vertex_request)  # type: ignore

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e7c214bd0868713a Filesystem access.
pkgs/python/[email protected]/litellm/llms/vertex_ai/vertex_llm_base.py:96
                        json_obj = json.load(open(credentials))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a29bbbc5de12c7 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2794
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edab2c0f50c59806 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:2840
                or os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #789deed7da99e9c7 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3103
                or os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c94d9a1fe03b8cf Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3104
                or os.environ.get("HUGGINGFACE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #749cf728a4b4f40e Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:3198
                or os.getenv("DATABRICKS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13188302e09078a2 Environment-variable access.
pkgs/python/[email protected]/litellm/main.py:4006
                or os.environ.get("OLLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2e06948ce335ce58 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/main.py:4284
            resp = litellm.module_level_client.post(
                url,
                headers=headers,
                json={
                    "model": model,
                    "params": {
                        "prompt": [prompt],
                        "max_tokens": max_tokens,
                        "temperature": temperature,
                        "top_p": top_p,
                        "top_k": kwargs.get("top_k"),
                    },
                    **kwargs.get("extra_body", {}),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9c6ab3145307164f Filesystem access.
pkgs/python/[email protected]/litellm/ocr/main.py:404
        with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c4bb808be91d87cf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py:233
    response = await async_client.post(
        mcp_server.token_url,
        headers={"Accept": "application/json"},
        data=token_data,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #955fd036e0ac07af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py:299
    response = await async_client.post(
        mcp_server.registration_url,
        headers=headers,
        json=register_data,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f78312a2ef86d44f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/oauth2_token_cache.py:101
            response = await client.post(server.token_url, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2d8d21fdf93d2f96 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:88
    with open(filepath, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #cbe46276f884d4e1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:377
            response = await client.post(
                url, params=params, json=json_body, headers=effective_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bae8cae8fa081437 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py:381
            response = await client.put(
                url, params=params, json=json_body, headers=effective_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4e6f80abae60b0c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_experimental/mcp_server/utils.py:13
MCP_TOOL_PREFIX_SEPARATOR = os.environ.get("MCP_TOOL_PREFIX_SEPARATOR", "-")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0529087d13e9996 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/_logging.py:11
log_level = os.getenv("LITELLM_LOG", "INFO")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0457d9730f36d320 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:57
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_TIMEOUT", "5.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dc9a42fea4056a7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/agent_endpoints/endpoints.py:60
    os.environ.get("LITELLM_AGENT_HEALTH_CHECK_GATHER_TIMEOUT", "30.0")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb72e4df4ba9e74d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:652
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c873ee8fe381da Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:653
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a13b67244c4538 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/auth_utils.py:654
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6f5dea32a7556b0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:515
        keys_url = os.getenv("JWT_PUBLIC_KEY_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d907a164ccc4ada2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/handle_jwt.py:681
        audience = os.getenv("JWT_AUDIENCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43c3b49f96095595 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:28
        self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dd0b74dfd30b4a1 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:46
                with open(_path_to_public_key, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #777ff58d2e298331 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/litellm_license.py:111
                self.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29b8903298135210 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:50
    ui_username = os.getenv("UI_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b6c5744dd9c742 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:51
    ui_password = os.getenv("UI_PASSWORD", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa2f8219df1490b9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:157
            os.getenv("PROXY_ADMIN_ID", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #280c80e3157a964a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:158
            and os.environ["PROXY_ADMIN_ID"] == user_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db1237985a127c8e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:161
            key_user_id = os.getenv("PROXY_ADMIN_ID", LITELLM_PROXY_ADMIN_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #906740a5cab90ec6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:176
        if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4be5e1affe5c1087 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/login_utils.py:264
            if os.getenv("DATABASE_URL") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9649f76457f2d42f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:142
        token_info_endpoint = os.getenv("OAUTH_TOKEN_INFO_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #632ff4fa79912c65 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:143
        user_id_field_name = os.environ.get("OAUTH_USER_ID_FIELD_NAME", "sub")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57ec4193e716f80f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:144
        user_role_field_name = os.environ.get("OAUTH_USER_ROLE_FIELD_NAME", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #376b0f9503f65b8c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:145
        user_team_id_field_name = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b77e0683d389f4a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:145
        user_team_id_field_name = os.environ.get(
            "OAUTH_USER_TEAM_ID_FIELD_NAME", "team_id"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc58d291305a1d8c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:150
        oauth_client_id = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #480058e2cfc0064e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:151
        oauth_client_secret = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #36862509543a55a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/auth/oauth2_check.py:178
                response = await client.post(
                    token_info_endpoint, headers=headers, data=data
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4907fbedceeb8f77 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:80
            oidc_token = open(aws_web_identity_token).read()  # check if filepath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f1fcda1e9711450 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:169
            aws_region_name=os.getenv("AWS_REGION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #935b418511e5d637 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:170
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fef2c31666fde68 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:171
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac02a2c2eb030af Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:172
            aws_session_name=os.getenv("AWS_SESSION_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7439cc497f253c13 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:173
            aws_profile_name=os.getenv("AWS_PROFILE_NAME"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52f16d4271189717 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:174
            aws_role_name=os.getenv("AWS_ROLE_NAME", os.getenv("AWS_ROLE_ARN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bd24e244944808f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:175
            aws_web_identity_token=os.getenv(
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a94bec242a1c1a41 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/auth/rds_iam_token.py:176
                "AWS_WEB_IDENTITY_TOKEN", os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1a4b1aa373274835 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/chat.py:163
            response = session.post(
                url, headers=self._get_headers(), json=data, stream=True
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #20e796d65e580190 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:29
    with open(token_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caf1f684e41cc43e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/auth.py:42
        with open(token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #064f0d8f83363559 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:287
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff54a6b772731a49 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/chat.py:308
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #028b02e83ab105c8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/client/cli/commands/models.py:393
    with open(yaml_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #add1cd5aa3f73733 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/health.py:32
        return self._http.request("GET", "/health/readiness")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dfa0f84716b28ce0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:55
        response = requests.post(url, headers=self._get_headers(), json=user_data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #899d491d8dbe1072 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/client/users.py:64
        response = requests.post(
            url, headers=self._get_headers(), json={"user_ids": user_ids}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #24a1bdb55fcfd764 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:88
if os.environ.get("LITELLM_PROFILE", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c445ae343a2bc0be Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/debug_utils.py:797
            litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343dda21a8fd6e19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/encrypt_decrypt_utils.py:11
    salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d33a2fe8db98938d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:5
url_to_redirect_to = os.getenv("PROXY_BASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a473b03b24a223c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/common_utils/html_forms/ui_login.py:6
server_root_path = os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6b62fa86b6b3bd7 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:112
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1f3c1fd4556d217 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/common_utils/load_config_utils.py:161
        with open(local_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf1b2f374b8ea32e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/container_endpoints/handler_factory.py:27
    with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ec791a0435e8678 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/check_migration.py:95
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3516281e5d1d9d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/db_spend_update_writer.py:721
        spend_logs_url: Optional[str] = os.getenv("SPEND_LOGS_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2fba68420330be3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:69
        os.environ["AWS_ACCESS_KEY_ID"] = aws_access_key_id

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a7cc0cb7c7a77d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:70
        os.environ["AWS_SECRET_ACCESS_KEY"] = aws_secret_access_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #530b2e7653dedc60 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/dynamo_db.py:71
        os.environ["AWS_SESSION_TOKEN"] = aws_session_token

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ded64b11c66a353 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:112
        db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed599fca0cd70b16 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:158
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7018a64cc1e6a4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:159
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b276d386f9d437a3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:160
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fbeeac002a7b026 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:161
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d80e50e50091a723 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:162
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83c125e6242d6e56 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:172
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70af473967ebd3f2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:312
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #341501a837b80d6a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/db/prisma_client.py:433
        disable_updates = os.getenv("DISABLE_SCHEMA_UPDATE", "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7be8364fbe810d62 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:24
        os.getenv("AUTO_REDIRECT_UI_LOGIN_TO_SSO", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c90afa48b9496eb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/discovery_endpoints/ui_discovery_endpoints.py:27
    admin_ui_disabled = os.getenv("DISABLE_ADMIN_UI", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b4d27e6c03350dc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/example_config_yaml/custom_auth.py:10
        modified_master_key = f"{os.getenv('LITELLM_MASTER_KEY')}-1234"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d62976bfabf199b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1310
        with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a140339c5dbae88 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_endpoints.py:1349
        with open(airlines_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #436526d597d4c534 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:51
        self.api_key = api_key or os.environ.get("AIM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42de71d9a7b526b6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aim/aim.py:59
            api_base or os.environ.get("AIM_API_BASE") or "https://api.aim.security"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f8827443463cee9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:48
        self.aporia_api_key = api_key or os.environ["APORIO_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a06bc777fc2a2cad Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/aporia_ai/aporia_ai.py:49
        self.aporia_api_base = api_base or os.environ["APORIO_API_BASE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #068b965885f8fd13 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:58
        self.api_key = api_key or os.environ.get("CS_AIDR_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93bcc807bb0f87f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/crowdstrike_aidr/crowdstrike_aidr.py:64
        self.api_base = api_base or os.environ.get("CS_AIDR_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe480e0c5e7e358 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:56
        self.api_key = api_key or os.getenv("DYNAMOAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69420ad9ee081d2a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:62
        self.api_base = api_base or os.getenv(
            "DYNAMOAI_API_BASE", "https://api.dynamo.ai"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af379afe42b2a188 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:68
        self.model_id = model_id or os.getenv("DYNAMOAI_MODEL_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f84b7cb6aa9926b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/dynamoai/dynamoai.py:71
        env_policy_ids = os.getenv("DYNAMOAI_POLICY_IDS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d5bf2979bfb970 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:67
        self.api_key = api_key or os.getenv("ENKRYPTAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf5092f966a641b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/enkryptai/enkryptai.py:73
        self.api_base = api_base or os.getenv(
            "ENKRYPTAI_API_BASE", "https://api.enkryptai.com"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e84f00aeb125732d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/generic_guardrail_api/generic_guardrail_api.py:203
        base_url = api_base or os.environ.get("GENERIC_GUARDRAIL_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1f4ec3ffd6a1b02 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:84
        api_key_value = api_key or os.getenv("GRAYSWAN_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d221fe8295087e54 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:91
        base = api_base or os.getenv("GRAYSWAN_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78db18edd54cbe3b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:639
        env_val = os.getenv("GRAYSWAN_VIOLATION_THRESHOLD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60d74520c83ed018 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/grayswan/grayswan.py:650
        env_val = os.getenv("GRAYSWAN_REASONING_MODE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b64bb047a045dcde Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/guardrails_ai/guardrails_ai.py:74
            api_base or os.getenv("GUARDRAILS_AI_API_BASE") or "http://0.0.0.0:8000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f0efe803af976fc5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:46
    resp = requests.post(token_url, auth=HTTPBasicAuth(api_id, api_key))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e35fa378e77d3e84 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:72
        self.hiddenlayer_client_id = api_id or os.getenv("HIDDENLAYER_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b9d1dd3778c1b44 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:73
        self.hiddenlayer_client_secret = api_key or os.getenv(
            "HIDDENLAYER_CLIENT_SECRET"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c46956cf5f9041 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:78
            or os.getenv("HIDDENLAYER_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c88d976418a4bbc4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:85
            or os.getenv("HIDDENLAYER_AUTH_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #38989c067b0311a1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:218
            response = await self._http_client.post(
                f"{self.api_base}/detection/v1/interactions",
                json=data,
                headers=headers,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c3c6ea4c6c38645 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/hiddenlayer/hiddenlayer.py:239
                response = await self._http_client.post(
                    f"{self.api_base}/detection/v1/interactions",
                    json=data,
                    headers=headers,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #10cf03e4622953bf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/ibm_guardrails/ibm_detector.py:54
        self.auth_token = auth_token or os.getenv("IBM_GUARDRAILS_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18ccb8ca0d1447ca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai.py:62
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ba170a4566c9cfb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lakera_ai_v2.py:60
        self.lakera_api_key = api_key or os.environ.get("LAKERA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05619e8be63367aa Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:103
        self.lasso_api_key = lasso_api_key or api_key or os.environ.get("LASSO_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #453024e131fcebc1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:104
        self.user_id = user_id or os.environ.get("LASSO_USER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8cfa17234e7e8d3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:105
        self.conversation_id = conversation_id or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4274690f60592f5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:105
        self.conversation_id = conversation_id or os.environ.get(
            "LASSO_CONVERSATION_ID"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa314d56d6e46fe1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/lasso/lasso.py:118
            or os.getenv("LASSO_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc7ea1993a098ebf Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/competitor_intent/airline.py:124
        with open(_MAJOR_AIRLINES_PATH, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e513cb520053e505 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:604
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d5a1a5e903caeb Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:630
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79d97fe8f4e6a0ac Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/content_filter.py:736
            with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76f65e391b9aa6a7 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:40
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e6fe327c09f3b68 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:147
    with open(result_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d444e309cce63886 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:562
    not os.environ.get("OPENAI_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ac6ca96fced24b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/guardrail_benchmarks/test_eval.py:581
    not os.environ.get("ANTHROPIC_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9e9cb1eef06114e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:18
    with open(json_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23448d93d100f242 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.py:161
                with open(category_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0f6cba277cc5bca Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:132
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da3f32bcedef3928 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ccc0345982cfe8d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:133
        self.api_base = api_base or os.environ.get(
            "NOMA_API_BASE", NomaGuardrail._DEFAULT_API_BASE
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #530eacef645964ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:136
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4566329b93d835a0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:141
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd809a66c57b4445 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:148
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69c331d0cf1b662a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma.py:155
                os.environ.get("NOMA_ANONYMIZE_INPUT", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16dae15df61f16b9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:61
        self.api_key = api_key or os.environ.get("NOMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #598e889e5ec990dc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:63
            api_base or os.environ.get("NOMA_API_BASE") or _DEFAULT_API_BASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e852282f907bd8ab Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:65
        self.application_id = application_id or os.environ.get("NOMA_APPLICATION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af972f69bd066054 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:68
                os.environ.get("NOMA_MONITOR_MODE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca354540dd0e1ff0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py:75
                os.environ.get("NOMA_BLOCK_FAILURES", "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32821bde5f7f7e23 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:38
        timeout = timeout or int(os.getenv("ONYX_TIMEOUT", 10.0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c816b1d9f8eb2562 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:43
        self.api_base = api_base or os.getenv(
            "ONYX_API_BASE",
            "https://ai-guard.onyx.security",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #481d6061ad35d2af Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/onyx/onyx.py:47
        self.api_key = api_key or os.getenv("ONYX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac31306043fcd47 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/openai/moderations.py:102
            os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb6f1efae558b28e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:83
        self.api_key = api_key or os.environ.get("PANGEA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe3a08d9fd610205 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pangea/pangea.py:92
            or os.environ.get("PANGEA_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ac6622542b7886 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:112
        self.api_key = api_key or os.getenv("PANW_PRISMA_AIRS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f98827b231b36e3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:115
            or os.getenv("PANW_PRISMA_AIRS_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a47c15918fb488b0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/panw_prisma_airs/panw_prisma_airs.py:372
            response = await async_client.client.post(  # type: ignore[attr-defined]
                f"{self.api_base}/v1/scan/sync/request",
                headers=headers,
                json=payload,
                timeout=self.timeout,
                follow_redirects=False,  # Prevent redirect attacks
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #aeb3c7bbe58f2374 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:215
        self.api_key = api_key or os.environ.get("PILLAR_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec90dc1ce94c36d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:224
        self.api_base = api_base or os.getenv("PILLAR_API_BASE") or self.BASE_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c5b3b1aae73eb01 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:227
        action = on_flagged_action or os.environ.get("PILLAR_ON_FLAGGED_ACTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bb5a588825464c6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:267
        action = fallback_on_error or os.environ.get("PILLAR_FALLBACK_ON_ERROR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbe0815525f86245 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:287
                    os.environ.get("PILLAR_TIMEOUT", str(self.DEFAULT_TIMEOUT))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d99ce9242d219c0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:291
                    f"Pillar Guardrail: Invalid PILLAR_TIMEOUT value '{os.environ.get('PILLAR_TIMEOUT')}', "

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f79fcbfa64adac47 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/pillar/pillar.py:633
            env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3405081aff0f7f Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:145
                with open(ad_hoc_recognizers, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8ecc76cfe3660ea1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:356
                async with session.post(
                    analyze_url,
                    json=analyze_payload,
                    headers={"Accept": "application/json"},
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fcac6442920a76bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/presidio.py:462
                async with session.post(
                    anonymize_url,
                    json=anonymize_payload,
                    headers={"Accept": "application/json"},
                ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0a6246a39f92db73 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:41
        self.api_key = api_key or os.environ.get("PROMPT_SECURITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f20612f654fa2dd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:42
        self.api_base = api_base or os.environ.get("PROMPT_SECURITY_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f00f208ad271b80 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:43
        self.user = user or os.environ.get("PROMPT_SECURITY_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ffafe974673a7f0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f7ee3a053e59c9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:44
        self.system_prompt = system_prompt or os.environ.get(
            "PROMPT_SECURITY_SYSTEM_PROMPT"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cb46a4dc1311ba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddcd8769675d8afe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/prompt_security/prompt_security.py:52
            check_tool_results_env = os.environ.get(
                "PROMPT_SECURITY_CHECK_TOOL_RESULTS", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d491df9979f77697 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:68
            or os.environ.get("QUALIFIRE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #520b4d9d4d3da51b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/qualifire/qualifire.py:73
            or os.environ.get("QUALIFIRE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94b766785bfc0573 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:38
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #218408a3ea1ad95a Filesystem access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/semantic_guard/route_loader.py:58
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1e49c91f9c07f42 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:41
        self.zscaler_ai_guard_url = api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8138714f9973b2de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:48
            else int(os.getenv("ZSCALER_AI_GUARD_POLICY_ID", -1))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86df5d66967d41e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:50
        self.api_key = api_key or os.getenv("ZSCALER_AI_GUARD_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d77116588c3db31f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:54
            else os.getenv("SEND_USER_API_KEY_ALIAS", "False").lower() in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9e9bb50097ecec4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:59
            else os.getenv("SEND_USER_API_KEY_USER_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5a49a2d7d9b6cbe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:65
            else os.getenv("SEND_USER_API_KEY_TEAM_ID", "False").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #dc383794d769955e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy/guardrails/guardrail_hooks/zscaler_ai_guard/zscaler_ai_guard.py:280
        response = await async_client.post(
            f"{url}",
            headers=headers,
            json=data,
            timeout=GUARDRAIL_TIMEOUT,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #11158c6dd296b2ea Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/health_endpoints/_health_endpoints.py:450
                user_email=os.getenv("TEST_EMAIL_ADDRESS"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5edd7508ea04ee3a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/__init__.py:33
if os.getenv("LEGACY_MULTI_INSTANCE_RATE_LIMITING", "false").lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e28da65fea1d32bb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter.py:121
                if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bf6e61c44a138b4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/dynamic_rate_limiter_v3.py:122
            if os.getenv("LITELLM_LICENSE", None) is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d6a238880f2addf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_budget_per_session_limiter.py:70
            os.getenv(
                "LITELLM_MAX_BUDGET_PER_SESSION_TTL",
                DEFAULT_MAX_BUDGET_PER_SESSION_TTL,
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6157f1bc28abc392 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/max_iterations_limiter.py:73
            os.getenv("LITELLM_MAX_ITERATIONS_TTL", DEFAULT_MAX_ITERATIONS_TTL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2681f08ba2358d60 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/parallel_request_limiter_v3.py:169
        self.window_size = int(os.getenv("LITELLM_RATE_LIMIT_WINDOW_SIZE", 60))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94efacacd2fbbd06 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/hooks/responses_id_security.py:182
        salt_key = os.getenv("LITELLM_SALT_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e98675a326b5ff2 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/callback_management_endpoints.py:51
    with open(config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c343a26659058766 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:80
        env_value = os.environ.get(env_var_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6019468973263c19 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:122
            os.environ[env_var_name] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb578ea0b44cb3c5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/config_override_endpoints.py:124
            os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10cf4540092cbc80 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/key_management_endpoints.py:3447
    grace_period_value = grace_period or os.getenv(
        "LITELLM_KEY_ROTATION_GRACE_PERIOD", ""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b861d3c51842a77 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:1927
            with open(_MCP_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb7ee7e034a9a0e8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/mcp_management_endpoints.py:2000
        with open(_OPENAPI_REGISTRY_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14f59ed409975f46 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:636
    with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42d359bc88d5f19a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/policy_endpoints/endpoints.py:656
    use_local = os.getenv("LITELLM_LOCAL_POLICY_TEMPLATES", "").strip().lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5066d7aa2d53fdd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:59
        custom_authorization_endpoint = os.getenv(
            "MICROSOFT_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0da2712c25b7060a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:62
        custom_token_endpoint = os.getenv("MICROSOFT_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a6bd938674a1133 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/sso/custom_microsoft_sso.py:63
        custom_userinfo_endpoint = os.getenv("MICROSOFT_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9e28cb33dec50ed Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:276
                generic_user_role_attribute_name = os.getenv(
                    "GENERIC_USER_ROLE_ATTRIBUTE", "role"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e389cbd53b6146c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:316
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2a6e5b5b7739c2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:317
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ed59fcbb63aa09b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:318
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1ee129b43275102 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:321
    _disable_ui_flag = os.getenv("DISABLE_ADMIN_UI")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ef37952c675874 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:356
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09fdbc9200e54545 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:423
    generic_user_id_attribute_name = os.getenv(
        "GENERIC_USER_ID_ATTRIBUTE", "preferred_username"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76fb766f8727fe6d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:426
    generic_user_display_name_attribute_name = os.getenv(
        "GENERIC_USER_DISPLAY_NAME_ATTRIBUTE", "sub"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d783166d4fe45812 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:429
    generic_user_email_attribute_name = os.getenv(
        "GENERIC_USER_EMAIL_ATTRIBUTE", "email"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2edbc78c68dd156 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:433
    generic_user_first_name_attribute_name = os.getenv(
        "GENERIC_USER_FIRST_NAME_ATTRIBUTE", "first_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3748fbca5f695c9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:436
    generic_user_last_name_attribute_name = os.getenv(
        "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fd7ac69825e8d46 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:440
    generic_provider_attribute_name = os.getenv(
        "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d12abf07edd4e27 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:444
    generic_user_role_attribute_name = os.getenv("GENERIC_USER_ROLE_ATTRIBUTE", "role")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaaf9aa700cd9095 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:446
    generic_user_extra_attributes = os.getenv("GENERIC_USER_EXTRA_ATTRIBUTES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f915da9b2d25346 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:549
    generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f91cd3b196a25ba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:550
    generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cfa13375b027249 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:551
    generic_authorization_endpoint = os.getenv("GENERIC_AUTHORIZATION_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb93cba36471ff2f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:552
    generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52da3e0f88bbffd1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:553
    generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a2fab08f91d78de Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:555
        os.getenv("GENERIC_INCLUDE_CLIENT_ID", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b3158612a07fbf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:678
    generic_role_mappings = os.getenv("GENERIC_ROLE_MAPPINGS_ROLES", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #491a19eeec5e20a5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:679
    generic_role_mappings_group_claim = os.getenv(
        "GENERIC_ROLE_MAPPINGS_GROUP_CLAIM", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bfa521a82a23c35 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:682
    generic_role_mappoings_default_role = os.getenv(
        "GENERIC_ROLE_MAPPINGS_DEFAULT_ROLE", None
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca32b4fc0a0052b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:719
    raw = os.getenv("GENERIC_SSO_HEADERS", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c592227b2e7b2abc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:743
    pkce_configured = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0fb4a968ca19875 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1202
    proxy_admin_id = os.getenv("PROXY_ADMIN_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fad11dbd97f54e1e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1255
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef12b056b7e90242 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1256
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49d25bd1e16019b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1257
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fe417b6140158cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1647
    _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64865d13177e31df Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1648
    _logout_url = os.getenv("PROXY_LOGOUT_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d3633d3839db265 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1649
    _api_doc_base_url = os.getenv("LITELLM_UI_API_DOC_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8da382a4320d6da Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1656
    if "PROXY_DEFAULT_TEAM_DISABLED" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ab1cc67357e3d15 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1657
        if os.environ["PROXY_DEFAULT_TEAM_DISABLED"].lower() == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8572a17c4655c0d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1683
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb94830cb40f7bd6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1684
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71cf955f022b235c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1685
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bfa89c4c25f1cf3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1708
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f273b908ad1120 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1713
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0075a08016ca273f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1714
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0c9a9331b74a1ae Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1721
        generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70623480ef7c5a29 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1722
        generic_authorization_endpoint = os.getenv(
            "GENERIC_AUTHORIZATION_ENDPOINT", None
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #244939d394e74faf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1725
        generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f167d0b9f43c4354 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1726
        generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4800ffccdf43bede Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1787
            google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf9155c7e24e885 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1807
            microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a3f2f7a92d7ee04 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1808
            microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #610782f6786566f3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1829
            generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a7bee9c1588e12f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1830
            generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33d2c233cd20e4f0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1833
            generic_authorization_endpoint = os.getenv(
                "GENERIC_AUTHORIZATION_ENDPOINT", None
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dee679c16b27ebeb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1836
            generic_token_endpoint = os.getenv("GENERIC_TOKEN_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeac968fb152cf04 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:1837
            generic_userinfo_endpoint = os.getenv("GENERIC_USERINFO_ENDPOINT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b15041b8c1b76cfc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2012
            generic_client_state = os.getenv("GENERIC_CLIENT_STATE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58d59b71b767397d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2020
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3104739a23fecf00 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2296
        if user_email is not None and os.getenv("ALLOWED_EMAIL_DOMAINS") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17e60d944bb6c8d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2298
            allowed_domains = os.getenv("ALLOWED_EMAIL_DOMAINS").split(",")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #532a7c9ecbf9f4db Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2325
            generic_user_role_attribute_name = os.getenv(
                "GENERIC_USER_ROLE_ATTRIBUTE", "role"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3462ad1a2ed1093b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2568
        use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e0afac2d16e623e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:2662
            os.getenv("PKCE_STRICT_CACHE_MISS", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31603f074f3c7801 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3114
        microsoft_client_secret = os.getenv("MICROSOFT_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65e8992f2dc58fe8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3115
        microsoft_tenant = os.getenv("MICROSOFT_TENANT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca81f9d6da61b83 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3273
            service_principal_id = os.getenv("MICROSOFT_SERVICE_PRINCIPAL_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73d87120761518c8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3477
        google_client_secret = os.getenv("GOOGLE_CLIENT_SECRET", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #affdf4f164e56d00 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3514
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9296386d8de54ccb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3515
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f08523d3cbb93b4c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3516
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f240bd0140a62cd Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3588
    microsoft_client_id = os.getenv("MICROSOFT_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #744764a1d1e09260 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3589
    google_client_id = os.getenv("GOOGLE_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #177bf71cdeaea273 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3590
    generic_client_id = os.getenv("GENERIC_CLIENT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c56fe05ea7e338d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/management_endpoints/ui_sso.py:3592
    redirect_url = os.getenv("PROXY_BASE_URL", str(request.base_url))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98c441a00c22f84b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/middleware/in_flight_requests_middleware.py:65
            if "PROMETHEUS_MULTIPROC_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95a970455604e03 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:205
        os.getenv("GEMINI_API_BASE") or "https://generativelanguage.googleapis.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5582812cb6ac006 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:266
    base_target_url = os.getenv("COHERE_API_BASE") or "https://api.cohere.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #965214f3b3f9cd55 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:392
    base_target_url = os.getenv("MISTRAL_API_BASE") or "https://api.mistral.ai"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ec0d4e32b5eea1c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:588
    base_target_url = os.getenv("ANTHROPIC_API_BASE") or "https://api.anthropic.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72380a24c54bc748 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:1965
    base_target_url = os.getenv("OPENAI_API_BASE") or "https://api.openai.com/"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f0c15b3396aa2c7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/pass_through_endpoints/llm_passthrough_endpoints.py:2129
    base_target_url = os.getenv("CURSOR_API_BASE") or "https://api.cursor.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fa7d9fdcd70566d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/prometheus_cleanup.py:35
    if not os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f31027bf32a45dd9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:27
litellm_mode = os.getenv("LITELLM_MODE", "DEV")  # "PRODUCTION", "DEV"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b23e89400a7ac7f0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:283
        if os.environ.get("PROMETHEUS_MULTIPROC_DIR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ba76bdc3c8e2f91 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:305
            with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fa0e4c9a4161469 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:359
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0a21d2969eec28 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:359
        multiproc_dir = os.environ.get("PROMETHEUS_MULTIPROC_DIR") or os.environ.get(
            "prometheus_multiproc_dir"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43833df7647177a1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:368
            os.environ["PROMETHEUS_MULTIPROC_DIR"] = multiproc_dir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64a05f33acd6b8ec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:694
            db_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb6a7252efc86f1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:695
            db_port = os.getenv("DATABASE_PORT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b60c573d850774d1 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:696
            db_user = os.getenv("DATABASE_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a89bb07d7539b58d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:697
            db_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e6924f2f32a59c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:698
            db_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f495aaa3bc31296 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:709
            os.environ["DATABASE_URL"] = _db_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf67675a087b1a81 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:710
            os.environ["IAM_TOKEN_DB_AUTH"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #593bca68dfe54cbe Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:717
            os.getenv("USE_AWS_KMS", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1093a4752184a04 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:718
            and os.getenv("USE_AWS_KMS") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1450e313bff0921b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:724
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bf18c75ab24e91a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:780
            if database_url is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a759e160aee7eaa0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:786
                    os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90506f8a7555af33 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:807
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a67d9e8f70ccdb6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:810
        if config is None and os.getenv("DATABASE_URL") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1d1b938ec550c83 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:816
                os.environ["DATABASE_URL"] = database_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #849f948682bda391 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:828
            os.getenv("DATABASE_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b66077466169f7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:829
            or os.getenv("DIRECT_URL", None) is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dfc87faef7076f0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:834
                if os.getenv("DATABASE_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75026205d5b6302d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:844
                    os.environ["DATABASE_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83b66cd1ebd2f8b5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:845
                if os.getenv("DIRECT_URL", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50e7f11ea71b7e95 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:851
                    database_url = os.getenv("DIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae33a79c003876cf Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_cli.py:853
                    os.environ["DIRECT_URL"] = modified_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816eee364deb9821 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:644
global_max_parallel_request_retries_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRIES"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04ed4ca9c41c4898 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:654
global_max_parallel_request_retry_timeout_env: Optional[str] = os.getenv(
    "LITELLM_GLOBAL_MAX_PARALLEL_REQUEST_RETRY_TIMEOUT"
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8722458a8a4b55a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:678
_title = os.getenv("DOCS_TITLE", "LiteLLM API") if premium_user else "LiteLLM API"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed6586196873ca0 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:680
    os.getenv(
        "DOCS_DESCRIPTION",
        f"Enterprise Edition \n\nProxy Server to call 100+ LLMs in the OpenAI format. {custom_swagger_message}\n\n{ui_message}",
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a490f9389efed3c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:778
    _startup_hooks_env = os.environ.get("LITELLM_WORKER_STARTUP_HOOKS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c92e9a19b3f059 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:845
        elif os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None and isinstance(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd21527bea0a63c6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1106
if os.getenv("DOCS_FILTERED", "False") == "True" and premium_user:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8c73aef268b0fbc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1246
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16f79b0d143e60d5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1255
    runtime_ui_path = os.getenv("LITELLM_UI_PATH", default_runtime_ui_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d0e72f0ba79488d Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1356
                        with open(file_path, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7386a234721cb9e7 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1371
                        with open(file_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b9cf1f656c49b9a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1493
root_redirect_url: Optional[str] = os.getenv("ROOT_REDIRECT_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22266f0ef5835b2a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:1664
        KVUri = os.getenv("AZURE_KEY_VAULT_URI", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c4784f4315d96ba Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2021
        with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa980a37ca8767e2 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2311
            with open(file_path, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64359e45ae5bfa1e Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2334
            with open(f"{file_path}", "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #900e2e6390a1537c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2434
            with open(f"{user_config_file_path}", "w") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d17d0ae6e63158e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2568
        if os.environ.get("LITELLM_CONFIG_BUCKET_NAME") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ef71859939e2048 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2569
            bucket_name = os.environ.get("LITELLM_CONFIG_BUCKET_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dac56960507e20f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2570
            object_key = os.environ.get("LITELLM_CONFIG_BUCKET_OBJECT_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11717c65ec2f4c7b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2571
            bucket_type = os.environ.get("LITELLM_CONFIG_BUCKET_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fa79970a83658d6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2713
                        os.environ[key] = resolved_secret_string

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61aa2fcec14242bc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2722
                    os.environ[key] = str(value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0538e634cc92c422 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:2726
                _license_check.license_str = os.getenv("LITELLM_LICENSE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ab55732728e828d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3084
            use_pkce = os.getenv("GENERIC_CLIENT_USE_PKCE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #377b8b1977f0e127 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3250
                    v = os.getenv(_v)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be3b656eb07ae24f Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:3876
                    os.environ[k] = decrypted_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #573ccce1dd9113e9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:4298
                os.environ[upper_key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2425a52ab10feb8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5238
    os.environ["WORKER_CONFIG"] = json.dumps(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a516c09bcbc8aec Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5264
    if os.getenv("LITELLM_DONT_SHOW_FEEDBACK_BOX", "").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e440168c470bd8 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5295
        litellm_log_setting = os.environ.get("LITELLM_LOG", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1503797342e6e1bc Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5340
        os.environ[

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c0662bc54c6cf1c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:5340
        os.environ[
            "AZURE_API_VERSION"
        ] = api_version  # set this for azure - litellm can read this from the env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fb05bbc273b3373 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6305
            if os.getenv("PROMETHEUS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cdf215496381509 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6429
            app_name = os.getenv("PYROSCOPE_APP_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e5d63e3b90fe318 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6435
            server_address = os.getenv("PYROSCOPE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a03e7871a4e8c06 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6442
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b240d70210615f15 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6442
            env_name = os.getenv("OTEL_ENVIRONMENT_NAME") or os.getenv(
                "LITELLM_DEPLOYMENT_ENVIRONMENT",
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b47f278bb5c0400b Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:6447
            sample_rate_env = os.getenv("PYROSCOPE_SAMPLE_RATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a6b8c144ec818c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:10954
    ui_username = os.getenv("UI_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f767d60dfd48f9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:11296
    logo_path = os.getenv("UI_LOGO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6c64737d2e3ded Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:11308
    is_non_root = os.getenv("LITELLM_NON_ROOT", "").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e547e9cccd86f75 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:11313
    assets_dir = os.getenv("LITELLM_ASSETS_PATH", default_assets_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17a08b510e42244e Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:11339
    logo_path = os.getenv("UI_LOGO_PATH", default_logo)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #500378604d899239 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:11370
                with open(cache_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #043413341b9df426 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:11395
    favicon_url = os.getenv("LITELLM_FAVICON_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a16e5b3749c9ae Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/proxy_server.py:12416
                    _value = os.getenv("SLACK_WEBHOOK_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e683cca8b1273650 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:143
        files("litellm")
        .joinpath("provider_endpoints_support_backup.json")
        .read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0061f04f84c4b5c Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:304
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8bba0661f1c1485 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:394
    with open(agent_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76807a28e2ddb69b Filesystem access.
pkgs/python/[email protected]/litellm/proxy/public_endpoints/public_endpoints.py:397
    with open(provider_create_fields_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #843ec3d12da2f551 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_management_endpoints.py:2427
            db_url = os.getenv("DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #130540acb56ae3ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/spend_tracking/spend_tracking_utils.py:46
    max_length_str = os.getenv("MAX_STRING_LENGTH_PROMPT_IN_DB")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #732dbbd237d80661 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:724
                os.environ[env_var_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab94ddde4f8591f4 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:727
                os.environ.pop(env_var_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aca610d36d575896 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:863
        os.environ["UI_LOGO_PATH"] = logo_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad4e5c7482e11249 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:870
        if "UI_LOGO_PATH" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ce8e7c2b258314d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:871
            del os.environ["UI_LOGO_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e29b9fbafd914929 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:882
        os.environ["LITELLM_FAVICON_URL"] = favicon_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b4a1a7f6c3ede59 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:889
        if "LITELLM_FAVICON_URL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #812f66a6b275a934 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:890
            del os.environ["LITELLM_FAVICON_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf38016f135223e8 Filesystem access.
pkgs/python/[email protected]/litellm/proxy/ui_crud_endpoints/proxy_setting_endpoints.py:1246
    with open(file_path, "wb") as buffer:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c64433dab25ca9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:171
    if SendGridEmailLogger is not None and os.getenv("SENDGRID_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0539bb31afcdccb2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:175
    if ResendEmailLogger is not None and os.getenv("RESEND_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd57c7dfd45e7384 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:179
    if SMTPEmailLogger is not None and os.getenv("SMTP_HOST"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #595d413a75b0ac6c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:1583
        _proxy_base_url = os.getenv("PROXY_BASE_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e3f0111fa26b800 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2303
            os.getenv("IAM_TOKEN_DB_AUTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9b3b7e554c1fee Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2341
            1, int(os.getenv("PRISMA_RECONNECT_COOLDOWN_SECONDS", "15"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b85830256a85e193 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2344
            5, int(os.getenv("PRISMA_HEALTH_WATCHDOG_INTERVAL_SECONDS", "30"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eaaf33eca110c9a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2347
            str_to_bool(os.getenv("PRISMA_HEALTH_WATCHDOG_ENABLED", "true")) is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e8f6c0452c7a971 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2351
            float(os.getenv("PRISMA_HEALTH_WATCHDOG_PROBE_TIMEOUT_SECONDS", "5.0")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d253381315dde7 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2354
            1.0, float(os.getenv("PRISMA_WATCHDOG_RECONNECT_TIMEOUT_SECONDS", "30.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1be01f217d5160a Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2357
            0.5, float(os.getenv("PRISMA_AUTH_RECONNECT_TIMEOUT_SECONDS", "2.0"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7f3ceca6e2200e5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2361
            float(os.getenv("PRISMA_AUTH_RECONNECT_LOCK_TIMEOUT_SECONDS", "0.1")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #773115a81a5871d5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2365
            1, int(os.getenv("PRISMA_RECONNECT_ESCALATION_THRESHOLD", "3"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea67aee10872fce5 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:2461
            pg_schema = os.getenv("DATABASE_SCHEMA", "public")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80294eddec4532a2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:3959
                db_url = os.getenv("DATABASE_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #534e807b1d820c1d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4447
    smtp_host = os.getenv("SMTP_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1e2bd45508d732c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4448
    smtp_port = int(os.getenv("SMTP_PORT", "587"))  # default to port 587

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb25137cef8188c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4449
    smtp_username = os.getenv("SMTP_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a716a2d7962a94ba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4450
    smtp_password = os.getenv("SMTP_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #547ce850d5ebd869 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4451
    sender_email = os.getenv("SMTP_SENDER_EMAIL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #477dee053f73b544 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4482
            if os.getenv("SMTP_TLS", "True") != "False":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41dc07e2bf5c42fb Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:4605
                    base_url = os.getenv("SPEND_LOGS_URL", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb838734555cbc16 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5075
    if redoc_url := os.getenv("REDOC_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5b7f0856677e5ff Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5078
    if str_to_bool(os.getenv("NO_REDOC")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d80c18ea690ba8a3 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5092
    if docs_url := os.getenv("DOCS_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d132f4c607d0a8c Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5095
    if str_to_bool(os.getenv("NO_DOCS")) is True:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48bf7e14ef299d7d Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5218
    return os.getenv("PROXY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9c3307028642621 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5228
    return os.getenv("SERVER_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3def879147423932 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5280
    database_host = os.getenv("DATABASE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f8b0292da8adf13 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5281
    database_username = os.getenv("DATABASE_USERNAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0473c7b6479298d9 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5282
    database_password = os.getenv("DATABASE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ec29c671e20b8b2 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5283
    database_name = os.getenv("DATABASE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9910273f2c1c56c6 Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/utils.py:5284
    database_schema = os.getenv("DATABASE_SCHEMA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8337a66ddf96eba Environment-variable access.
pkgs/python/[email protected]/litellm/proxy/vertex_ai_endpoints/langfuse_endpoints.py:96
        or os.getenv("LANGFUSE_HOST", "https://cloud.langfuse.com")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c7d6744dbaae34f7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/proxy_auth/credentials.py:161
        response = httpx.post(
            self.token_url,
            data={
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": scope,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #478d18b19c0630ef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/gemini_ingestion.py:154
        response = await client.post(
            url,
            json=request_body,
            headers={"Content-Type": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dc9e2c073aa4b224 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/gemini_ingestion.py:274
        response = await client.post(
            url,
            json=request_body,
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #73f15cdf817de21a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/gemini_ingestion.py:316
        response = await client.put(
            upload_url,
            content=file_content,
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #35b717e42ff8cfcc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/s3_vectors_ingestion.py:243
            response = await self.async_httpx_client.put(
                url, data=data, headers=signed_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b7b465696dcc98a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/s3_vectors_ingestion.py:247
            response = await self.async_httpx_client.post(
                url, data=data, headers=signed_headers
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4eedbc9156f57988 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/vertex_ai_ingestion.py:184
        response = await client.post(
            url,
            json=request_body,
            headers={
                "Authorization": f"Bearer {access_token}",
                "Content-Type": "application/json",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #33ad25024af7f5b6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/vertex_ai_ingestion.py:372
        response = await client.post(
            url,
            files=files,
            headers={
                "Authorization": f"Bearer {access_token}",
                "X-Goog-Upload-Protocol": "multipart",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2db8c7b9d57a1f0b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/rag/ingestion/vertex_ai_ingestion.py:460
        response = await client.post(
            url,
            json=request_body,
            headers={
                "Authorization": f"Bearer {access_token}",
                "Content-Type": "application/json",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7ae7e703a99057fc Environment-variable access.
pkgs/python/[email protected]/litellm/realtime_api/main.py:301
            or os.environ.get("LITELLM_AZURE_REALTIME_PROTOCOL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #203fc22197297405 Environment-variable access.
pkgs/python/[email protected]/litellm/router.py:6906
                    params[param_key] = os.environ.get(env_name, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a86b50bd2e72462c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:22
    if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91cf39c6e8447205 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:35
        kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f94fe439ec6e0f51 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:56
        if "AWS_REGION_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6feeefe0452679 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:62
        if os.getenv("LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dcdc105515f6015 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:64
        elif os.getenv("LITELLM_SECRET_AWS_KMS_LITELLM_LICENSE", None) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #944f052e97ca7a4a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:80
            kms_client = boto3.client("kms", region_name=os.getenv("AWS_REGION_NAME"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b42beb479073e28 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:89
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0225c701f525174 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager.py:132
    for k, v in os.environ.items():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6191a1a37382b7d8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:65
            "AWS_REGION_NAME" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62415a194b3a9607 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:66
            and "AWS_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0872f5aba0992191 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:67
            and "AWS_DEFAULT_REGION" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8d03c8042745e3a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/aws_secret_manager_v2.py:190
            return os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723959bb3b36611a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:27
        self.conjur_addr = os.getenv("CYBERARK_API_BASE", "http://127.0.0.1:8080")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56096db29996734b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:28
        self.conjur_account = os.getenv("CYBERARK_ACCOUNT", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e774c6490d822c Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:29
        self.conjur_username = os.getenv("CYBERARK_USERNAME", "admin")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #706e0002398f1b53 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:30
        self.conjur_api_key = os.getenv("CYBERARK_API_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c2a1196b050619 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:33
        self.tls_cert_path = os.getenv("CYBERARK_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9660d5607768fa08 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:34
        self.tls_key_path = os.getenv("CYBERARK_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa29b5c847b1aa03 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:38
        ssl_verify_env = str_to_bool(os.getenv("CYBERARK_SSL_VERIFY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad2efac3dda02ec6 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:51
        _refresh_interval = int(os.environ.get("CYBERARK_REFRESH_INTERVAL", "300"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #686fc6a9202c8f89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:88
                resp = http_client.post(auth_url, content=self.conjur_api_key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b7e53f4f0d05e027 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:92
                resp = http_handler.client.post(auth_url, content=self.conjur_api_key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #af1234f4341952c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/cyberark_secret_manager.py:133
            resp = client.client.post(
                policy_url,
                headers={
                    **self._get_request_headers(),
                    "Content-Type": "application/x-yaml",
                },
                content=policy_yaml,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f1ef85be7b4ed340 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:12
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bc4038fff9c8f60 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:13
        and os.environ.get("AZURE_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af5a6a51adf90e9b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:14
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17dfc4bf076c5933 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:17
    elif os.environ.get("AZURE_CLIENT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #215bbf4f0e351622 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:20
        os.environ.get("AZURE_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343718f0b91b1d85 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:21
        and os.environ.get("AZURE_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #271f298f35058827 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:22
        and os.environ.get("AZURE_CERTIFICATE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #661bc61746e6ea56 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:23
        and os.environ.get("AZURE_CERTIFICATE_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8936a593e8facec Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:26
    elif os.environ.get("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0de09e47b4406ced Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:28
    elif os.environ.get("AZURE_CERTIFICATE_PATH"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79ad7bc9ca13cc04 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:65
            os.environ.get("AZURE_SCOPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aa0922e15a2c14b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:73
        or os.environ.get("AZURE_CREDENTIAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf31c221363bf97 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:90
            client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e1fe1c807b7b09 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:91
            client_secret=os.environ["AZURE_CLIENT_SECRET"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #157d08930368364a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:92
            tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b0d6526b2d4a0d4 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:95
        credential = ManagedIdentityCredential(client_id=os.environ["AZURE_CLIENT_ID"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a76f8eb4f744921 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:97
        if os.getenv("AZURE_CERTIFICATE_PASSWORD"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea948f2c5fedc771 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:99
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aafe71031496b15 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:100
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77cf91e7d60f1c47 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:101
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5f1d009af0f8e4f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:102
                password=os.environ["AZURE_CERTIFICATE_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9cc8fad8393050f Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:106
                client_id=os.environ["AZURE_CLIENT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9e4d626e32bbce9 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:107
                tenant_id=os.environ["AZURE_TENANT_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f927c0228e4fcc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/get_azure_ad_token_provider.py:108
                certificate_path=os.environ["AZURE_CERTIFICATE_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c33c3eca69b808f0 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:19
    if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64e468144a86cf77 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:23
    if "GOOGLE_KMS_RESOURCE_NAME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38a6bcf8c97e73c2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_kms.py:41
        litellm._google_kms_resource_name = os.getenv("GOOGLE_KMS_RESOURCE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #723acb0d7355adf5 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:32
        self.PROJECT_ID = os.environ.get("GOOGLE_SECRET_MANAGER_PROJECT_ID", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #495fbc075b31e74b Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #939fbf8c062313bf Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:40
        _refresh_interval = os.environ.get(
            "GOOGLE_SECRET_MANAGER_REFRESH_INTERVAL", refresh_interval
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #396a8d81f0b0a6a1 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5163ed321bf903d Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/google_secret_manager.py:50
        _always_read_secret_manager = os.environ.get(
            "GOOGLE_SECRET_MANAGER_ALWAYS_READ_SECRET_MANAGER",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f239e77d62e8b700 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:25
        self.vault_addr = os.getenv("HCP_VAULT_ADDR", "http://127.0.0.1:8200")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8521b8b0f608cf Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:26
        self.vault_token = os.getenv("HCP_VAULT_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a4126509a56e6fc Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:28
        self.vault_namespace = os.getenv("HCP_VAULT_NAMESPACE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4020cc656f3357e Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:31
        self.vault_mount_name = os.getenv("HCP_VAULT_MOUNT_NAME", "secret")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e336201fff292a72 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:33
        self.vault_path_prefix = os.getenv("HCP_VAULT_PATH_PREFIX", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #950065f5794001dd Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:36
        self.tls_cert_path = os.getenv("HCP_VAULT_CLIENT_CERT", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34ec1587de4aa638 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:37
        self.tls_key_path = os.getenv("HCP_VAULT_CLIENT_KEY", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50b324234b73ac21 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:38
        self.vault_cert_role = os.getenv("HCP_VAULT_CERT_ROLE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #312e73ad9a70d3b8 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:41
        self.approle_role_id = os.getenv("HCP_VAULT_APPROLE_ROLE_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5259a7a108d06c69 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:42
        self.approle_secret_id = os.getenv("HCP_VAULT_APPROLE_SECRET_ID", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f767bab5f88e450 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:43
        self.approle_mount_path = os.getenv("HCP_VAULT_APPROLE_MOUNT_PATH", "approle")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b0973bfb113a2ca Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8f39779a47a7471 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:54
        _refresh_interval = os.environ.get(
            "HCP_VAULT_REFRESH_INTERVAL", SECRET_MANAGER_REFRESH_INTERVAL
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #714631db8d14466f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/litellm/secret_managers/hashicorp_secret_manager.py:198
            resp = client.post(
                login_url,
                headers=headers,
                json=self._get_tls_cert_auth_body(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #439aa931fe660780 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:137
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345643ae52130c15 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:143
            env_secret = os.getenv("CIRCLE_OIDC_TOKEN_V2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87860bd72a75c0ad Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:149
            actions_id_token_request_url = os.getenv("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #615d752504285fc2 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:150
            actions_id_token_request_token = os.getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #282d256fa25d36d7 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:180
            azure_federated_token_file = os.getenv("AZURE_FEDERATED_TOKEN_FILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b48bd8140f641ea5 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:195
            with open(azure_federated_token_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c49e5873c2dd9e8e Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:200
            with open(oidc_aud, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66442378d373cb1a Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:205
            oidc_token = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61481013c8394990 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:211
            token_file_path = os.getenv(oidc_aud)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c7f2ac3853eca15 Filesystem access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:214
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c51098a674e517 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:249
                secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd85d526f1849614 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/main.py:260
            secret = os.environ.get(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58968cd8cc477cea Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:60
        encrypted_secret: Any = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cee386b897363ab Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:87
        encrypted_value = os.getenv(secret_name, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58a2266190af7681 Environment-variable access.
pkgs/python/[email protected]/litellm/secret_managers/secret_manager_handler.py:177
        secret = os.getenv(secret_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dedff19adee72c71 Environment-variable access.
pkgs/python/[email protected]/litellm/types/integrations/slack_alerting.py:54
            os.getenv(
                "SLACK_DAILY_REPORT_FREQUENCY",
                int(SlackAlertingArgsEnum.daily_report_frequency.value),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a6b286e0ec1c625 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:91
        api_base = self.api_base or os.getenv(
            "ZSCALER_AI_GUARD_URL",
            "https://api.us1.zseclipse.net/v1/detection/execute-policy",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6916b7c8656b3e54 Environment-variable access.
pkgs/python/[email protected]/litellm/types/proxy/guardrails/guardrail_hooks/zscaler_ai_guard.py:99
            env_policy = os.getenv("ZSCALER_AI_GUARD_POLICY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #517ff806b02ed1e1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6094
    no_proxy = os.getenv("NO_PROXY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff2a2eecac016cd7 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6147
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e02bf4c7d136c6e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6153
                "AZURE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #690ca8ec3dda0a9a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6154
                and "AZURE_API_VERSION" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a919261ec61ac1f9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6155
                and "AZURE_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13a151fe87c5a94 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6163
            if "ANTHROPIC_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c02d6fc2b65c0c3a Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6168
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d59c1face9b24b5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6173
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6faddf33b276df24 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6178
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2d0081bd3685865 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6183
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4b9ec6d0e5387de Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6188
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b91a0e8a68a2dd0 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6193
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39d728f53c1fe3da Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6198
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f347054a9cf7066b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6203
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ed53b3228d33789 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6208
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5a5b29c69a27e35 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6213
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5f4c7d53dc5ad9e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6218
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #368d44f65db89eee Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6223
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4bd9b2842e64591 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6229
                "AWS_ACCESS_KEY_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed628001865a6538 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6230
                and "AWS_SECRET_ACCESS_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e7e1cffae59d1c9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6233
                "AWS_ROLE_ARN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a84bc3136160d38 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6234
                or "AWS_PROFILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77fc00ac832540d5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6235
                or "AWS_WEB_IDENTITY_TOKEN_FILE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #854d951d7a8d4984 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6237
                in os.environ  # ECS task role

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f93b0e2c9a7cb128 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6239
                in os.environ  # ECS/Fargate full URI credential delivery

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28d0a30c4b178d8e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6246
            if "OLLAMA_API_BASE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d00c83bc9a5baa4d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6251
            if "ANYSCALE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4718763582ca160b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6256
            if "DEEPINFRA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1aa748b2c933eab Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6261
            if "FEATHERLESS_AI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0128bd9bc305723f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6266
            if ("GOOGLE_API_KEY" in os.environ) or ("GEMINI_API_KEY" in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a16338eca39ff72d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6272
            if "GROQ_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #596ca1974f2ecd61 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6277
            if "NVIDIA_NIM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9cb8af374a4e850 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6282
            if "CEREBRAS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #053c9c7e8b007ea1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6287
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7409558194a5d2cb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6292
            if "XAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae4202448a298f11 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6297
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db68606c9a89c18d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6302
            if "VOLCENGINE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fdf2733c9a3a6fb Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6310
            if "CODESTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23cad18c6d8a032f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6315
            if "DEEPSEEK_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15880866f7dbb068 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6320
            if "MISTRAL_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #243cede2c897965c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6325
            if "PALM_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61fc9d478202fe0c Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6330
            if "PERPLEXITYAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c411bfeb451978 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6335
            if "VOYAGE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84b9bd72b1f3885 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6340
            if "INFINITY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268dbc6a0aab6ec1 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6346
                "FIREWORKS_AI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e6e13bfbd02724 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6347
                or "FIREWORKS_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5eaadee29c261e8 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6348
                or "FIREWORKSAI_API_KEY" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #043bbf0d97135165 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6349
                or "FIREWORKS_AI_TOKEN" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64b2d0c4940871a2 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6355
            if "CLOUDFLARE_API_KEY" in os.environ and (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8bdaf31e559a308 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6356
                "CLOUDFLARE_ACCOUNT_ID" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #421c58f4c9db98b9 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6357
                or "CLOUDFLARE_API_BASE" in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f4cbe0a75671b14 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6364
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6eff6add314dfa3 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6369
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345083ccea647597 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6374
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3f20473b8de7c10 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6379
            if "DASHSCOPE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b41fc2f886f6457 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6384
            if "MOONSHOT_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #464bcebc15dace6e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6396
            if "OPENAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7f4b98e3e28fcdd Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6402
            if "ANTHROPIC_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2cd5e18e7c23445 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6408
            if "COHERE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff0220eef704695d Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6414
            if "REPLICATE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d14fabea16bb35 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6420
            if "OPENROUTER_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #780abfc4cf1d9039 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6426
            if "VERCEL_AI_GATEWAY_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2830a5717417e66b Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6432
            if "DATAROBOT_API_TOKEN" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee40952897521e8f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6442
            if "VERTEXAI_PROJECT" in os.environ and "VERTEXAI_LOCATION" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285ed4162812b420 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6448
            if "HUGGINGFACE_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #941fcdde90ea5bc3 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6454
            if "AI21_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #968d231b14f53004 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6460
            if "TOGETHERAI_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19299712197f8f33 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6466
            if "ALEPH_ALPHA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6c3f21a026677af Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6472
            if "BASETEN_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb87466cd3717dc Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6478
            if "NLP_CLOUD_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bd63a51b5b8983f Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6483
            if "NOVITA_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47960bb91f54a3ad Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6488
            if "NEBIUS_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a0044abb47e6f47 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:6493
            if "WANDB_API_KEY" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f123e692ba5daa8f Filesystem access.
pkgs/python/[email protected]/litellm/utils.py:6880
        with open(config_path, "r") as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e154153f0dca91e Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7157
            for k, v in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de7bad1ad7c677b5 Environment-variable access.
pkgs/python/[email protected]/litellm/utils.py:7221
    environ_keys = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

posthog

python dependency
medium telemetry dependency Excluded from app score #792903f99a0da6f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:6
from posthog.args import ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e29dff070df7beb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:7
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c61b3c02bce053b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:8
from posthog.contexts import (
    identify_context as inner_identify_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76c6e8f071cd02cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:11
from posthog.contexts import (
    new_context as inner_new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #283c6cfad6adfb0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:14
from posthog.contexts import (
    scoped as inner_scoped,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50e38f952ca9f3de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:17
from posthog.contexts import (
    set_capture_exception_code_variables_context as inner_set_capture_exception_code_variables_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b661785e660f0f66 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:20
from posthog.contexts import (
    set_code_variables_ignore_patterns_context as inner_set_code_variables_ignore_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #881b42b163ea8438 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:23
from posthog.contexts import (
    set_code_variables_mask_patterns_context as inner_set_code_variables_mask_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f0220916f2901bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:26
from posthog.contexts import (
    set_context_device_id as inner_set_context_device_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ff600647e7c154b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:29
from posthog.contexts import (
    set_context_session as inner_set_context_session,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53ef34f52d3518fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:32
from posthog.contexts import (
    tag as inner_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #57b360148ec2ad55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:35
from posthog.contexts import (
    get_tags as inner_get_tags,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f94b14680d62f92e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:38
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf15824962ea73f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:42
from posthog.feature_flags import (
    InconclusiveMatchError as InconclusiveMatchError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2823e8e9e0e826d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:45
from posthog.feature_flags import (
    RequiresServerEvaluation as RequiresServerEvaluation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1d63fbc876de8bb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:48
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData as FlagDefinitionCacheData,
    FlagDefinitionCacheProvider as FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f048e8fe1e17bd25 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:52
from posthog.request import (
    disable_connection_reuse as disable_connection_reuse,
    enable_keep_alive as enable_keep_alive,
    set_socket_options as set_socket_options,
    SocketOptions as SocketOptions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #daba6760826d5363 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:58
from posthog.types import (
    FeatureFlag,
    FlagsAndPayloads,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #489b5028147569e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:62
from posthog.types import (
    FeatureFlagResult as FeatureFlagResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #93edfb89a0671c41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:65
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c0d139fffcd787e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/__init__.py:1
from posthog.ai.prompts import Prompts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b1d636f203a2f74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:13
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ccef50b710e680d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #485e6caff5361e73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:18
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8860715558448343 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:25
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b78c786c40af645f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:26
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25ea3e463f7dc7b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d61b8d13d1fac46c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:218
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #16aef06b44d35a18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:219
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4f5157a15f06d60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:223
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cdd1bd68a2a9120c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #459c28fe2f810b11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:14
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d2821fafd501c981 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:15
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d312c80804f8fde1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:19
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b97e494c47f20e64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:26
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d8cab8df0cec702a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3490ccc1a4a2b68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:218
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45b8a2802f055a1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:219
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1a44e4d98d0a65c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:223
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f3dd4c8d0a55269b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedMessage,
    FormattedTextContent,
    StreamingContentBlock,
    TokenUsage,
    ToolInProgress,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4704f75ce148420a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:20
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4297e76f80661bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:430
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #991cca8a5709ebd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:10
from posthog.ai.anthropic.anthropic import WrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4c4f0feeb725a372 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:11
from posthog.ai.anthropic.anthropic_async import AsyncWrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d21238c9397b5a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:12
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5b1ded6aef8642f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c80aeb0de53ef13 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e41f4df14e0b4416 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #719166119e5570a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #444bfd911854b49c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c41a0188638745dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7d6cb6e2d82c9a07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:27
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd7a3f5146f1c320 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd41cdb0550901a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df1686fbf4f2f565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2b101cdc2b341b55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #82f1c19822170bd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd8cd82134781eb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df9c2e705a7d1749 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:27
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #189a74eb17411d08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f64c7f1c4af1e75 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:10
from posthog.ai.types import (
    FormattedContentItem,
    FormattedMessage,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2dc73b05b2bc77cd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:15
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a2e96dbc873e0ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:352
            from posthog.ai.types import FormattedMessage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #630142e2be8ea3e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:44
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e3053da9adf3d0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:45
from posthog.ai.sanitization import sanitize_langchain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4fd0bfa8cc7aa2ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:46
from posthog.ai.utils import get_model_params, with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85270ca77897ee9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:47
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60c0b7b8d64228dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6eb7e4f259c7a9ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    extract_available_tool_calls,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a29026ddc76251e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:20
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #862ef6129e9cef32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:26
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6dc631c01e832811 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b831836d15ff0a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:28
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d5be4ff23b241dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:192
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #abdc22c525ca14ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:193
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bcc0bfe0b28bfebe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:197
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eb9cc450138d09b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:419
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9fd22e89e723ca7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:420
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbd02116a909d17c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:424
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b359bffa5fdb6d91 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7553ad68e9fd2e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:14
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d783b521cb1e1128 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:15
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    extract_available_tool_calls,
    get_model_params,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #08a22e3bc55eedd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:22
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,
    format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #12b7d54dd180a736 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:29
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f7f8a5f60772f2a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:30
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f74a4b6b4ba578fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedImageContent,
    FormattedMessage,
    FormattedTextContent,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eeb2e69fafd19b55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:19
from posthog.ai.utils import serialize_raw_usage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e9a9fce8274192e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:758
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #78f87670e36e7044 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:8
from posthog.ai.openai.openai import (
    WrappedBeta,
    WrappedChat,
    WrappedEmbeddings,
    WrappedResponses,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9cd5aff642144633 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:14
from posthog.ai.openai.openai_async import WrappedBeta as AsyncWrappedBeta

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d70ff8e20bfceac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:15
from posthog.ai.openai.openai_async import WrappedChat as AsyncWrappedChat

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b1886070b356b74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:16
from posthog.ai.openai.openai_async import WrappedEmbeddings as AsyncWrappedEmbeddings

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #af58a86ebe054818 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:17
from posthog.ai.openai.openai_async import WrappedResponses as AsyncWrappedResponses

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3fefd6ee2e49c77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:20
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8de58fd5f6f41f31 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:21
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f9493824c42d0b89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:8
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8bb955dc2e959b89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:17
from posthog.ai.openai_agents.processor import PostHogTracingProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8cb5db105cf007c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:23
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9cf4de7d4f3fa3d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:24
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58919bb19fae5bba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:13
from posthog.request import USER_AGENT, _get_session

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba45c88ccb6d04b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/prompts.py:14
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba4b3854830e82da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:5
from posthog import get_tags, identify_context, new_context, tag, contexts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #368e4149ab7edd30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:6
from posthog.ai.sanitization import (
    sanitize_anthropic,
    sanitize_gemini,
    sanitize_langchain,
    sanitize_openai,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4485c77a3a9d68c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:12
from posthog.ai.types import FormattedMessage, StreamingEventData, TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7075cca202d9aa2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:13
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b74610bb067beea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:196
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #395b8163b590fe83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:202
        from posthog.ai.openai.openai_converter import (
            extract_openai_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b427fd1407c813b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:208
        from posthog.ai.gemini.gemini_converter import (
            extract_gemini_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec7c2f99e7f5133f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:222
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4209e348d55742d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:226
        from posthog.ai.openai.openai_converter import format_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f7240797cd31831 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:230
        from posthog.ai.gemini.gemini_converter import format_gemini_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #49a139758e362772 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:241
        from posthog.ai.anthropic.anthropic_converter import extract_anthropic_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad2f426a6ca88379 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:245
        from posthog.ai.gemini.gemini_converter import extract_gemini_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8f632c61eaa7e90 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:249
        from posthog.ai.openai.openai_converter import extract_openai_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #52d8f4423264e8a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:262
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2de3f4952be41d0c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:268
        from posthog.ai.gemini.gemini_converter import format_gemini_input_with_system

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d9efd0133c0f7ab4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:274
        from posthog.ai.openai.openai_converter import format_openai_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ff1b8b7e16b17d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:8
from posthog.types import SendFeatureFlagsOptions

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1be415bd47831bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:14
from posthog.args import ID_TYPES, ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #478f5eb0ad54640e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:15
from posthog.consumer import Consumer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #694bde6d429bda6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:16
from posthog.contexts import (
    _get_current_context,
    get_capture_exception_code_variables_context,
    get_code_variables_ignore_patterns_context,
    get_code_variables_mask_patterns_context,
    get_context_device_id,
    get_context_distinct_id,
    get_context_session_id,
    new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48d5220184267406 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:26
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #892ff99192260bbe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:27
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    exc_info_from_error,
    exception_is_already_captured,
    exceptions_from_error_tuple,
    handle_in_app,
    mark_exception_as_captured,
    try_attach_code_variables_to_frames,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d38034377e89de10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:37
from posthog.feature_flags import (
    InconclusiveMatchError,
    RequiresServerEvaluation,
    match_feature_flag_properties,
    resolve_bucketing_value,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #db1ea2c2838b820e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:43
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData,
    FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cf71697a92ce2781 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:47
from posthog.poller import Poller

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de3c361f6aa5e989 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:48
from posthog.request import (
    DEFAULT_HOST,
    APIError,
    QuotaLimitError,
    RequestsConnectionError,
    RequestsTimeout,
    batch_post,
    determine_server_host,
    flags,
    get,
    remote_config,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f7b571025ca8021 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:60
from posthog.types import (
    FeatureFlag,
    FeatureFlagError,
    FeatureFlagResult,
    FlagMetadata,
    FlagsAndPayloads,
    FlagsResponse,
    FlagValue,
    SendFeatureFlagsOptions,
    normalize_flags_response,
    to_flags_and_payloads,
    to_payloads,
    to_values,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbe07bca165bf59e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:74
from posthog.utils import (
    FlagCache,
    RedisFlagCache,
    SizeLimitedDict,
    clean,
    guess_timezone,
    system_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f97fef335e825b4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:82
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27db11806c81a5a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:6
from posthog.request import APIError, DatetimeSerializer, batch_post

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #585742dacb0689ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:7
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca64ec9ae3a79bb0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:162
    from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dbc724a2b266d554 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:12
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7bbcee9ce673968b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_utils.py:33
from posthog.args import ExceptionArg, ExcInfo  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7f90978b69484196 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:11
from posthog import utils

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #501c2200599bd21e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:12
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #138338ef7a76448b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:13
from posthog.utils import convert_to_datetime_aware, is_valid_regex

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f31f51642ff1c82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:2
from posthog import contexts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5cb39cc552fa3887 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:3
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0bd321773cd49a33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:317
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6aef40bf09f1820c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:17
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1455f26723dff84b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:18
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #9465487d762de7c4 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:187
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3acf51229e67aa7d Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:187
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dee7311d4b7ef5fd Environment-variable access.
pkgs/python/[email protected]/posthog/ai/sanitization.py:11
    return os.environ.get("_INTERNAL_LLMA_MULTIMODAL", "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7a463a84f1675c8e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/posthog/request.py:207
    res = (session or _get_session()).post(
        url, data=data, headers=headers, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

rich

python dependency
medium telemetry dependency Excluded from app score #f197e3817de6427e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/rich/progress.py:173
        yield from progress.track(
            sequence,
            total=total,
            completed=completed,
            description=description,
            update_period=update_period,
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #ed2345e448abb104 Environment-variable access.
pkgs/python/[email protected]/rich/_unicode_data/__init__.py:67
        unicode_version = os.environ.get("UNICODE_VERSION", "latest")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0538832890570385 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:441
        self.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f24d32534c5b62b Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:612
    term.write_text("went back and wrapped to prev line")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e161cc46fc65d911 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:615
    term.write_text("we go up")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db95bb50faa68b1e Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:618
    term.write_text("and down")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #322522cb7be54d64 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:623
    term.write_text("we went up and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #272c5df081ca1fa6 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:628
    term.write_text("we went down and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c51a1e6be924e2d Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:636
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6179f8427a124dcb Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:646
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07d454ac9c31384d Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:19
                term.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5b8ee98799714a Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:28
                    term.write_text("\r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49d51e9206d08cec Environment-variable access.
pkgs/python/[email protected]/rich/console.py:521
        or os.getenv("DATABRICKS_RUNTIME_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f43b2fde2b7477d3 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:623
    _environ: Mapping[str, str] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f023999b234584 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2220
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dad36f1217b9f04e Filesystem access.
pkgs/python/[email protected]/rich/console.py:2326
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f693511a967f3cf7 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2615
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd3685cece101955 Environment-variable access.
pkgs/python/[email protected]/rich/diagnose.py:32
    env = {name: os.getenv(name) for name in env_names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b201c57d52341efc Filesystem access.
pkgs/python/[email protected]/rich/json.py:134
            json_data = Path(args.path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d4f80e6774630ae Filesystem access.
pkgs/python/[email protected]/rich/markdown.py:768
        with open(args.path, encoding="utf-8") as markdown_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc5deb995595629 Filesystem access.
pkgs/python/[email protected]/rich/progress.py:1373
        handle = io.open(file, "rb", buffering=buffering)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17b0c836dd138507 Filesystem access.
pkgs/python/[email protected]/rich/syntax.py:357
        code = Path(path).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7915e13b8e18aa47 Filesystem access.
pkgs/python/[email protected]/rich/theme.py:72
        with open(path, encoding=encoding) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typer

python dependency
medium telemetry dependency Excluded from app score #1f1fab14ffcb1654 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/docs_src/progressbar/tutorial001_py310.py:12
    for value in track(range(100), description="Processing..."):

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 40 low-confidence finding(s)
low env_fs dependency Excluded from app score #9fa7686ef7199280 Filesystem access.
pkgs/python/[email protected]/docs_src/launch/tutorial002_py310.py:17
        config_path.write_text('{"version": "1.0.0"}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42e0edaba6db8adf Filesystem access.
pkgs/python/[email protected]/docs_src/parameter_types/path/tutorial001_an_py310.py:15
        text = config.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc6678b112b9181 Filesystem access.
pkgs/python/[email protected]/docs_src/parameter_types/path/tutorial001_py310.py:14
        text = config.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #536a4c5dcb318858 Filesystem access.
pkgs/python/[email protected]/docs_src/parameter_types/path/tutorial002_an_py310.py:23
    text = config.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #344d40d340183db2 Filesystem access.
pkgs/python/[email protected]/docs_src/parameter_types/path/tutorial002_py310.py:20
    text = config.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b81392524894c3bf Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:24
    os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = "/opt/homebrew/lib"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #27d7dbef5228c3c7 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:29
    content = en_index.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5de7c67ce9f8e043 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:53
    readme_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #81060387c426f9c5 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:64
    readme_content = readme_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a084b04af6d35328 Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:88
    subprocess.run(args, env={**os.environ, "LINENUMS": "true"}, check=True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f6143cb0b72b5c2 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:133
    base_content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #76e061cfb1e6547b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:181
        version_file.write_text(content_format, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a44e55f0ab565b95 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:237
        content = md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c7636475b946b659 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:244
            md_file.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b2d88120d799e637 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:259
        all_docs_content += md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53e907c9120912af Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:42
        cwords = click_split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81ebb769245fc42b Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:43
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97f96fd7faf66904 Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:78
        completion_args = os.getenv("_TYPER_COMPLETE_ARGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b074271e421689b Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:129
        completion_args = os.getenv("_TYPER_COMPLETE_ARGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04d16774fc0ff340 Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:153
        complete_action = os.getenv("_TYPER_COMPLETE_FISH_ACTION", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe1371c3c22e6315 Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:182
        completion_args = os.getenv("_TYPER_COMPLETE_ARGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f51ef9da1c996b28 Environment-variable access.
pkgs/python/[email protected]/typer/_completion_classes.py:183
        incomplete = os.getenv("_TYPER_COMPLETE_WORD_TO_COMPLETE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d84879da93dd6c49 Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:103
        rc_content = rc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #500fe6eef5049b0a Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:109
    rc_path.write_text(rc_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e93b98e0b0b885b9 Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:115
    completion_path.write_text(script_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41c5d6063c64e6e3 Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:125
        zshrc_content = zshrc_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f8c334b0ed6f6a8 Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:136
    zshrc_path.write_text(zshrc_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c3195da689e1a1 Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:143
    path_obj.write_text(script_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f26f05efe1702078 Filesystem access.
pkgs/python/[email protected]/typer/_completion_shared.py:154
    path_obj.write_text(f"{script_content}\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e9b9c7ce2aed196 Environment-variable access.
pkgs/python/[email protected]/typer/_completion_shared.py:210
    test_disable_detection = os.getenv("_TYPER_COMPLETE_TEST_DISABLE_SHELL_DETECTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05c94f39cc7dfaf9 Filesystem access.
pkgs/python/[email protected]/typer/cli.py:310
        output.write_text(clean_docs)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cf71c8d33c319a2 Environment-variable access.
pkgs/python/[email protected]/typer/completion.py:19
    test_disable_detection = os.getenv("_TYPER_COMPLETE_TEST_DISABLE_SHELL_DETECTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34563b0cb4c99225 Environment-variable access.
pkgs/python/[email protected]/typer/completion.py:49
    test_disable_detection = os.getenv("_TYPER_COMPLETE_TEST_DISABLE_SHELL_DETECTION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6ca74c8124401c Environment-variable access.
pkgs/python/[email protected]/typer/core.py:29
HAS_RICH = parse_boolean_env_var(os.getenv("TYPER_USE_RICH"), default=True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43da2833f292efcf Environment-variable access.
pkgs/python/[email protected]/typer/core.py:637
    instruction = os.environ.get(complete_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df1752e0dd5cf6fe Environment-variable access.
pkgs/python/[email protected]/typer/main.py:65
    standard_traceback = os.getenv(
        "TYPER_STANDARD_TRACEBACK", os.getenv("_TYPER_STANDARD_TRACEBACK")
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6135f200c038c9a5 Environment-variable access.
pkgs/python/[email protected]/typer/main.py:66
        "TYPER_STANDARD_TRACEBACK", os.getenv("_TYPER_STANDARD_TRACEBACK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6d6ca9e3b1005b Environment-variable access.
pkgs/python/[email protected]/typer/rich_utils.py:69
_TERMINAL_WIDTH = getenv("TERMINAL_WIDTH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b19fcf5e87ad1fe Environment-variable access.
pkgs/python/[email protected]/typer/rich_utils.py:74
_TYPER_FORCE_DISABLE_TERMINAL = getenv("_TYPER_FORCE_DISABLE_TERMINAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33cbb78bd06df2dd Environment-variable access.
pkgs/python/[email protected]/typer/rich_utils.py:77
    if getenv("GITHUB_ACTIONS") or getenv("FORCE_COLOR") or getenv("PY_COLORS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiohttp

python dependency
expand_more 27 low-confidence finding(s)
low env_fs dependency Excluded from app score #1c3b242f6d7bd7fe Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:78
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c86d057d08738e0 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:87
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89c73609c0c26e8e Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:204
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c419613c8b708754 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiohttp/test_utils.py:357
        resp = await self._session.request(method, self.make_url(path), **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c2ce97b663cf8dd8 Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #938a3f479bc918f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:39
    async with req.session.post("/log", data=req.url.host, middlewares=()) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #6945b094d7778557 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:65
                async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #16e5cc5d9c953707 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:87
                    async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #1d904fb1f2e4f9a6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:100
            async with session.post("/refresh") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #e5b18c54a98838e5 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ccc3fae0dc73746 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:23
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ee17be9080333f04 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:32
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #f17e6db05eb4b98c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/curl.py:12
        async with session.request("GET", url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #51917b3641c30977 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/logging_middleware.py:138
        async with session.post("http://localhost:8080/echo", json=payload) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #e1d0992e00074cc5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/retry_middleware.py:179
        await session.post("http://localhost:8080/reset")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #3be15ad878c035ed Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/retry_middleware.py:210
        await session.post("http://localhost:8080/reset")  # Reset counters

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #f14b57e196db39c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/token_refresh_middleware.py:64
            async with session.post(
                self.token_endpoint,
                json={"refresh_token": self.refresh_token},
                middlewares=(),  # Disable middleware for this request
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #f682a380142f1316 Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:21
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d66179d655e12307 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #576b3528f2806d39 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcd1076c53876f2f Environment-variable access.
pkgs/python/[email protected]/setup.py:12
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce317fd2643fd82b Environment-variable access.
pkgs/python/[email protected]/setup.py:14
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #23b7626f5aef2aa4 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b1564567d0533fdc Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4c530ae9fe66dd55 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0ef75652f21c2e32 Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cf8a559aec928f96 Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiosignal

python dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #3babd5916ced589e Filesystem access.
pkgs/python/[email protected]/docs/conf.py:22
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anyio

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6f05038b5070fbbf Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:211
    sys.stdin = open(os.devnull)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9647c3b76fdcf59c Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:212
    sys.stdout = open(os.devnull, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

attrs

python dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #e9bdf0e3a3876707 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:10
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a9db2e141702a2ab Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:13
if os.environ.get("READTHEDOCS", "") == "True":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

certifi

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #50a8914595cac4a5 Filesystem access.
pkgs/python/[email protected]/certifi/core.py:47
        return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1a9fdf1d7dd192d Filesystem access.
pkgs/python/[email protected]/certifi/core.py:83
        return read_text("certifi", "cacert.pem", encoding="ascii")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e937c251b0b393f Filesystem access.
pkgs/python/[email protected]/setup.py:17
with open("certifi/__init__.py") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8943e82ac0605305 Filesystem access.
pkgs/python/[email protected]/setup.py:30
    long_description=open("README.rst").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cffi

python dependency
expand_more 53 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #e41df17477475bb2 Filesystem access.
pkgs/python/[email protected]/demo/fastcsv.py:264
    with open('/etc/passwd', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3f2edd2cf20370a Environment-variable access.
pkgs/python/[email protected]/setup.py:27
    pkg_config = os.environ.get('PKG_CONFIG','pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7820b6bf8a1a8a02 Environment-variable access.
pkgs/python/[email protected]/setup.py:45
            sysroot = sysroot and os.environ.get('PKG_CONFIG_SYSROOT_DIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b7022b63e8efddc Environment-variable access.
pkgs/python/[email protected]/setup.py:129
    os.environ['PKG_CONFIG_PATH'] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba2e6f2a108e5350 Environment-variable access.
pkgs/python/[email protected]/setup.py:130
        os.environ.get('PKG_CONFIG_PATH', '') + ':' + pkgconfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7269a30d9e17bb40 Environment-variable access.
pkgs/python/[email protected]/setup.py:165
forced_extra_objs = os.environ.get('CFFI_FORCE_STATIC', [])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3260a717edbc8dbf Filesystem access.
pkgs/python/[email protected]/src/cffi/_imp_emulation.py:75
            with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4d5af8615b9456 Filesystem access.
pkgs/python/[email protected]/src/cffi/_imp_emulation.py:77
        file = open(file_path, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42c4697580475217 Environment-variable access.
pkgs/python/[email protected]/src/cffi/ffiplatform.py:18
    saved_environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc339182424848a9 Environment-variable access.
pkgs/python/[email protected]/src/cffi/ffiplatform.py:26
            if os.environ.get(key) != value:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #252be859539e88ce Environment-variable access.
pkgs/python/[email protected]/src/cffi/ffiplatform.py:27
                os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a780a218570d505c Filesystem access.
pkgs/python/[email protected]/src/cffi/recompiler.py:290
        g = open(os.path.join(os.path.dirname(__file__), filename), 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00c5db69aaee431b Filesystem access.
pkgs/python/[email protected]/src/cffi/recompiler.py:1440
        with open(target_file, 'r') as f1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb92179ef6f7e13 Filesystem access.
pkgs/python/[email protected]/src/cffi/recompiler.py:1448
        with open(tmp_file, 'w') as f1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb3dc6474c466f0f Filesystem access.
pkgs/python/[email protected]/src/cffi/setuptools_ext.py:22
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53dc9b18c162af4e Filesystem access.
pkgs/python/[email protected]/src/cffi/verifier.py:184
                with open(self.sourcefilename, "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e46d4519064b0e0 Filesystem access.
pkgs/python/[email protected]/src/cffi/verifier.py:192
                with open(self.sourcefilename, "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02c22c5234644d03 Environment-variable access.
pkgs/python/[email protected]/src/cffi/verifier.py:249
    result = os.environ.get('CFFI_TMPDIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c778f2562927d2c5 Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_function.py:345
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d00e9cd4c4ae8755 Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_function.py:351
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #616901abbadcf676 Environment-variable access.
pkgs/python/[email protected]/testing/cffi0/test_ownlib.py:148
            toolsdir = os.environ.get(toolskey, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f204257f89f241b Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_verify.py:41
            f = open(self.sourcefilename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34580aa4e4867cb0 Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_verify.py:1443
    f = open(os.path.join(tmpdir, 'foo.h'), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a5a07b2239e84fc Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_version.py:19
    with open(p) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e99ac9f68ff2c498 Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_zdistutils.py:48
        with open(v.sourcefilename, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8191ca56f11017e4 Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_zdistutils.py:61
        with open(filename, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6433b7124a337c6a Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_zdistutils.py:154
        with open(ffi.verifier.sourcefilename, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6effce1c4050a25b Filesystem access.
pkgs/python/[email protected]/testing/cffi0/test_zdistutils.py:193
        with open(extra_source, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfd1de63b2904555 Environment-variable access.
pkgs/python/[email protected]/testing/cffi0/test_zintegration.py:95
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ec7d97089b26f9 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_commontypes.py:8
        f = open(os.path.join(os.path.dirname(cffi.__file__),
                              '..', 'c', 'commontypes.c'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #090e7118a41f7ce6 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_dlopen_unicode_literals.py:6
with open(os.path.join(os.path.dirname(__file__), 'test_dlopen.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36b1e752b0d5dcd6 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_function_args.py:120
            f = open(str(udir.join('run1.py')), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e87d398ad05a2f9 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_function_args.py:188
            f = open(str(udir.join('run1.py')), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f81596d5ed5a5322 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_parse_c_type.py:20
with open(os.path.join(cffi_dir, 'parse_c_type.h')) as _header:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dcd31a3c87bf3c7 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_parse_c_type.py:29
with open(os.path.join(cffi_dir, '..', 'c', 'parse_c_type.c')) as _body:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b1393b1d61e037 Environment-variable access.
pkgs/python/[email protected]/testing/cffi1/test_recompiler.py:37
    if not os.environ.get('NO_CPP') and not no_cpp:   # test the .cpp mode too

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9534d77453edad2 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_verify1.py:1413
    f = open(os.path.join(tmpdir, 'foo.h'), 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d77cf3cc7341ed Environment-variable access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:40
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20491d1fffb4d45f Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:291
        with open(os.path.join("src", "pack1", "__init__.py"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cca9a7edc99e7c97 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:293
        with open("setup.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a72737ac74fd8d Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:330
        with open(os.path.join("src0", "pack2", "__init__.py"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6429aea2b2370ddb Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:332
        with open(os.path.join("src0", "pack2", "_build.py"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #400a86a7b6a4ebbf Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:338
        with open("setup.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #366d1b20e2f30270 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:370
        with open(os.path.join("src1", "pack3", "__init__.py"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f59df63a1e58db5 Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:372
        with open(os.path.join("src1", "pack3", "_build.py"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d1a0689649908fb Filesystem access.
pkgs/python/[email protected]/testing/cffi1/test_zdist.py:379
        with open("setup.py", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb3e594a1d5aafc6 Environment-variable access.
pkgs/python/[email protected]/testing/embedding/test_basic.py:40
        org_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9763ccb37f1a97fd Filesystem access.
pkgs/python/[email protected]/testing/embedding/test_basic.py:83
            with open(pathname, 'w') as g:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a619b038ff3c3b53 Filesystem access.
pkgs/python/[email protected]/testing/embedding/test_basic.py:93
                with open(os.path.join(local_dir, filename), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64e81c7ab09374a0 Environment-variable access.
pkgs/python/[email protected]/testing/embedding/test_basic.py:157
            if os.environ.get(key) != value:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fa8ad88677d133f Environment-variable access.
pkgs/python/[email protected]/testing/embedding/test_basic.py:159
                os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c66947e8108a03 Environment-variable access.
pkgs/python/[email protected]/testing/udir.py:110
        username = os.environ['USER']           #linux, et al

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d480038e41d8a4a Environment-variable access.
pkgs/python/[email protected]/testing/udir.py:113
            username = os.environ['USERNAME']   #windows

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

charset-normalizer

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #225317412884be45 Environment-variable access.
pkgs/python/[email protected]/_mypyc_hook/backend.py:9
USE_MYPYC = os.getenv("CHARSET_NORMALIZER_USE_MYPYC", "0") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb265e0b66816984 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:41
        f"--color={'yes' if 'GITHUB_ACTIONS' in os.environ else 'auto'}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a84444f0eaae045 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:174
        f"--color={'yes' if 'GITHUB_ACTIONS' in os.environ else 'auto'}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2605c7a5f86ece67 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:207
        f"--color={'yes' if 'GITHUB_ACTIONS' in os.environ else 'auto'}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a66159ee29cb6551 Environment-variable access.
pkgs/python/[email protected]/setup.py:11
if os.getenv("CHARSET_NORMALIZER_USE_MYPYC", None) == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26852325c59e9cbb Filesystem access.
pkgs/python/[email protected]/src/charset_normalizer/api.py:896
    with open(path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8a98bdeba6df100 Filesystem access.
pkgs/python/[email protected]/src/charset_normalizer/cli/__main__.py:76
            return open(string, self._mode, self._bufsize, self._encoding, self._errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b052839dc9d56623 Filesystem access.
pkgs/python/[email protected]/src/charset_normalizer/cli/__main__.py:327
                    with open(cli_result.unicode_path, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

click

python dependency
expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #d9b77718018edabd Filesystem access.
pkgs/python/[email protected]/src/click/_compat.py:366
        return open(file, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #383e17873a339e75 Filesystem access.
pkgs/python/[email protected]/src/click/_compat.py:368
    return open(file, mode, encoding=encoding, errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f56bc4c9b28ae93 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:382
    pager_cmd_parts = shlex.split(os.environ.get("PAGER", ""), posix=False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de0082343de272cd Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:390
    if os.environ.get("TERM") in ("dumb", "emacs"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c2545ca6f1283cf Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:442
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28fbe598b0a3afae Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:447
        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_params)}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #634600c9176d666d Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:581
            rv = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5befa4d022362ce4 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:601
            environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62bfe3a7a0a38841 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:665
            with open(name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1b82bd52318ef3 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:694
        null = open("/dev/null", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02bc42f7c989b857 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:823
            f = open("/dev/tty")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d59b1e40a3d698 Filesystem access.
pkgs/python/[email protected]/src/click/core.py:1159
                formatter.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31abedd1add303a0 Filesystem access.
pkgs/python/[email protected]/src/click/core.py:1180
                formatter.write_text(epilog)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19d086b0c213ae2f Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:1473
        instruction = os.environ.get(complete_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2a6d8d23e696e4 Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:2506
            rv = os.environ.get(self.envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e938f47e3612cce Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:2512
                rv = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80b48d78eb673da5 Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:3185
            rv = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #317299b1e1aea997 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:348
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b211a286e6329599 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:349
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a5c29f2b0883ffb Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:370
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fbeec1cfd4b43ff Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:371
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2920297703efd2d Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:406
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b87db78e432864a Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:407
        incomplete = os.environ["COMP_CWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d38629e1e4cefd4d Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:405
                old_env[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dcd8206ef26dde2 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:408
                        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9dee260b3ddd07 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:412
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4afdfac2366942c Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:418
                        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #813c0caf0884e3b9 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:422
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e476117e0ee3e5a Filesystem access.
pkgs/python/[email protected]/src/click/utils.py:139
                open(filename, mode).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bf73cd2d2d52d0d Environment-variable access.
pkgs/python/[email protected]/src/click/utils.py:482
        folder = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eae45dd43a2ee003 Environment-variable access.
pkgs/python/[email protected]/src/click/utils.py:493
        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

configargparse

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #553278a14d418172 Environment-variable access.
pkgs/python/[email protected]/configargparse.py:1035
        self, args=None, namespace=None, config_file_contents=None, env_vars=os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc92cdafa21d7bf Environment-variable access.
pkgs/python/[email protected]/configargparse.py:1069
        env_vars=os.environ,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0c26cc8b61c0206 Filesystem access.
pkgs/python/[email protected]/setup.py:79
    long_description = open("README.md").read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

diskcache

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #a3897552f8a59ed6 Filesystem access.
pkgs/python/[email protected]/diskcache/core.py:240
                writer = open(full_path, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0105be6a4d1df5bf Filesystem access.
pkgs/python/[email protected]/diskcache/core.py:271
                return open(op.join(self._directory, filename), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07bc8c0b88c0d3c7 Filesystem access.
pkgs/python/[email protected]/diskcache/core.py:273
                with open(op.join(self._directory, filename), 'rb') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74540a0bb21a74ec Filesystem access.
pkgs/python/[email protected]/diskcache/core.py:277
            with open(full_path, 'r', encoding='UTF-8') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c828c4f47a35859c Filesystem access.
pkgs/python/[email protected]/diskcache/core.py:281
                with open(op.join(self._directory, filename), 'rb') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d256244ecd2fbe4f Filesystem access.
pkgs/python/[email protected]/setup.py:20
with open('README.rst', encoding='utf-8') as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

distro

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #ed0d0032db57fcc1 Environment-variable access.
pkgs/python/[email protected]/src/distro/distro.py:75
_UNIXCONFDIR = os.environ.get("UNIXCONFDIR", "/etc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ad6d5eb90371a13 Environment-variable access.
pkgs/python/[email protected]/src/distro/distro.py:76
_UNIXUSRLIBDIR = os.environ.get("UNIXUSRLIBDIR", "/usr/lib")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d10c9fd2d704a5c5 Filesystem access.
pkgs/python/[email protected]/src/distro/distro.py:1099
            with open(self.os_release_file, encoding="utf-8") as release_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26cd82333d69695c Filesystem access.
pkgs/python/[email protected]/src/distro/distro.py:1221
            with open(
                os.path.join(self.etc_dir, "debian_version"), encoding="ascii"
            ) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc6b1637a1c0dcb0 Filesystem access.
pkgs/python/[email protected]/src/distro/distro.py:1323
            with open(filepath, encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fastapi

python dependency
expand_more 57 low-confidence finding(s)
low egress dependency Excluded from app score #8d3e845e2b7a749a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_an_py310/test_main.py:31
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={"id": "foobar", "title": "Foo Bar", "description": "The Foo Barters"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #644f89c78b25ac74 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_an_py310/test_main.py:45
    response = client.post(
        "/items/",
        headers={"X-Token": "hailhydra"},
        json={"id": "bazz", "title": "Bazz", "description": "Drop the bazz"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b41241f96575daca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_an_py310/test_main.py:55
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={
            "id": "foo",
            "title": "The Foo ID Stealers",
            "description": "There goes my stealer",
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #627b4336278c1d0d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_py310/test_main.py:31
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={"id": "foobar", "title": "Foo Bar", "description": "The Foo Barters"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4183e31092bbd1a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_py310/test_main.py:45
    response = client.post(
        "/items/",
        headers={"X-Token": "hailhydra"},
        json={"id": "bazz", "title": "Bazz", "description": "Drop the bazz"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d64211d1232624f3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/docs_src/app_testing/app_b_py310/test_main.py:55
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},
        json={
            "id": "foo",
            "title": "The Foo ID Stealers",
            "description": "There goes my stealer",
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #41b447d23820f63d Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial001_py310.py:7
    with open("log.txt", mode="w") as email_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fcfa60142fc92d8 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_an_py310.py:9
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #633d12d578c4b283 Filesystem access.
pkgs/python/[email protected]/docs_src/background_tasks/tutorial002_py310.py:7
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e3c70f9eb741e46 Filesystem access.
pkgs/python/[email protected]/docs_src/custom_response/tutorial008_py310.py:11
        with open(some_file_path, mode="rb") as file_like:  # (2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e5038c07aad77ea Filesystem access.
pkgs/python/[email protected]/docs_src/events/tutorial002_py310.py:8
    with open("log.txt", mode="a") as log:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06f3bba363a0eb59 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:5
openapi_content = json.loads(file_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ba4c718931a3854 Filesystem access.
pkgs/python/[email protected]/docs_src/generate_clients/tutorial004_py310.py:15
file_path.write_text(json.dumps(openapi_content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #e55f3eef9681116f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #a2a7ac2649911c32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/contributors.py:129
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #963dedb0da3ec407 Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:227
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #815af2ca7032f885 Filesystem access.
pkgs/python/[email protected]/scripts/contributors.py:233
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a56810364ebacbf Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:99
    return mkdocs.utils.yaml_load(en_config_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0e1df30c3b77b0be Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:123
    os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = "/opt/homebrew/lib"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #39f2f2e82992886a Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:137
    new_config_path.write_text("INHERIT: ../en/mkdocs.yml\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a75633106662b5a0 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:139
    new_llm_prompt_path.write_text("", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #359be2f2f2951d4b Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:209
    content = en_index.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b1c16bd941042ccb Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:215
    sponsors = mkdocs.utils.yaml_load(sponsors_data_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a43da22cf1d28f84 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:244
    old_content = readme_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4065aaf3052ac722 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:249
        readme_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d202249ec8a99d29 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:284
        en_config_path.write_text(
            yaml.dump(updated_config, sort_keys=False, width=200, allow_unicode=True),
            encoding="utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0cb834c74eee41ee Environment-variable access.
pkgs/python/[email protected]/scripts/docs.py:339
        args, env={**os.environ, "LINENUMS": "true"}, cwd=lang_path, check=True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7ef7b64f97bfb45e Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:351
        language_names_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8c22ad627e4db4e2 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:422
    base_content = file_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a54da72b40a260eb Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:470
        version_file.write_text(content_format, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5427e432a923f0dd Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:526
        content = md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e0519c9e46c1bf28 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:533
            md_file.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f5e83004214aa937 Filesystem access.
pkgs/python/[email protected]/scripts/docs.py:548
        all_docs_content += md_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0115e5ccf6c98130 Filesystem access.
pkgs/python/[email protected]/scripts/mkdocs_hooks.py:26
    return missing_translation_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5c9f484d1d519c68 Filesystem access.
pkgs/python/[email protected]/scripts/mkdocs_hooks.py:37
    return translation_banner_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #9bc3f908af350d66 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #b5298640155fc2ec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/notify_translations.py:218
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #b20038847fb6d6a0 Filesystem access.
pkgs/python/[email protected]/scripts/notify_translations.py:319
    contents = settings.github_event_path.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #c135c925f77dd7d8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:192
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #7b88fc32a25c087d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/people.py:192
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #5e1fb5700e6ec051 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:368
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #725bda1ec0021b04 Filesystem access.
pkgs/python/[email protected]/scripts/people.py:374
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #898d2231555175f2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #465f5017c530f3e6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/sponsors.py:100
    response = httpx.post(
        github_graphql_url,
        headers=headers,
        timeout=settings.httpx_timeout,
        json={"query": query, "variables": variables, "operationName": "Q"},
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #c218942a74cf720d Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:148
    old_content = content_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f716ed54e913573c Filesystem access.
pkgs/python/[email protected]/scripts/sponsors.py:154
    content_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #01f19ef3ca08c37b Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:52
    repos_old_content = repos_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dc167784c76ec4ac Filesystem access.
pkgs/python/[email protected]/scripts/topic_repos.py:57
    repos_path.write_text(new_repos_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #53472dff62350745 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:30
general_prompt = general_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a5f790ccceec630a Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:37
    return yaml.safe_load(Path("docs/language_names.yml").read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6a2528348cce444f Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:75
    lang_prompt_content = lang_prompt_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b143e1fa5c8f82e Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:83
    original_content = en_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d3759e5dddc86a0 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:87
        old_translation = out_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #861704100315d6f8 Filesystem access.
pkgs/python/[email protected]/scripts/translate.py:148
    out_path.write_text(out_content, encoding="utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bfde7109884340c5 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:80
        doc_lines = path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bfa5e5b28a32207f Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:81
        en_doc_lines = en_doc_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b836df47f147d314 Filesystem access.
pkgs/python/[email protected]/scripts/translation_fixer.py:93
        path.write_text("\n".join(doc_lines), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

filelock

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #3cac341904755ed0 Filesystem access.
pkgs/python/[email protected]/src/filelock/_soft.py:58
            content = Path(self.lock_file).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

flake8

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c6afa46f823c2bda Filesystem access.
pkgs/python/[email protected]/src/flake8/formatting/base.py:84
            self.output_fd = open(self.filename, "a")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7f2542dbda79a57 Filesystem access.
pkgs/python/[email protected]/src/flake8/processor.py:349
            with open(self.filename, encoding="latin-1") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

frozenlist

python dependency
expand_more 11 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #dd0d98eb8242d93e Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #47a90dc66dfa1312 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:23
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b9d21fe0706046d Environment-variable access.
pkgs/python/[email protected]/frozenlist/__init__.py:11
NO_EXTENSIONS = bool(os.environ.get("FROZENLIST_NO_EXTENSIONS"))  # type: bool

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad5dcc9f19aa0af1 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_backend.py:103
        (os.environ, env_var_name, KeyError),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #656bc43fb621df99 Filesystem access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:86
    config_toml_txt = (Path.cwd().resolve() / 'pyproject.toml').read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3175f33adb659b Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:113
    orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87fadab628ec5708 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:115
    os.environ.update(expanded_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cbc7a3b5285ee3d Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:118
        os.environ['CFLAGS'] = ' '.join((

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa7fb24cd30fdbb6 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:119
            os.getenv('CFLAGS', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1461d8c9246b5db3 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:125
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e013892f09f7fc Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:126
        os.environ.update(orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fsspec

python dependency
expand_more 38 low-confidence finding(s)
low env_fs dependency Excluded from app score #67c376bee6ba72ab Filesystem access.
pkgs/python/[email protected]/fsspec/caching.py:156
                fd = open(self.location, "wb+")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9a780dbaa95490 Filesystem access.
pkgs/python/[email protected]/fsspec/caching.py:161
            fd = open(self.location, "r+b")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f49c9e39343962d5 Environment-variable access.
pkgs/python/[email protected]/fsspec/config.py:11
conf_dir = os.environ.get("FSSPEC_CONFIG_DIR", default_conf_dir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1763c59def63c124 Environment-variable access.
pkgs/python/[email protected]/fsspec/config.py:14
def set_conf_env(conf_dict, envdict=os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7dd8415aac6eac Filesystem access.
pkgs/python/[email protected]/fsspec/config.py:93
            with open(os.path.join(cdir, fn)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57bc4b523e1f50af Filesystem access.
pkgs/python/[email protected]/fsspec/conftest.py:111
    with open(os.path.join(d, "out"), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f48d8171350ee637 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cache_metadata.py:58
            with open(fn, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #465f16283f8ae0ea Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cache_metadata.py:61
            with open(fn, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53b3c6492eadc5bd Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:325
                return open(fn, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99cf6ac13bf6b606 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:608
            open(firstpart(fn0) if fn0 else fn1, mode=open_files.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ec712bdfc7d9972 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:675
            with open(fn, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a127e695b28383 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:687
            with self.fs._open(path, mode="rb", **kwargs) as f, open(fn, "wb") as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13a6d37bcd8c187e Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:733
            f = open(fn, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #588fe82d3141414e Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:861
        with open(fn, "rb") as f:  # noqa ASYNC230

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05a34ac2568b606a Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:913
            with self.fs._open(path, mode="rb", **kwargs) as f, open(fn, "wb") as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb2d2ab92061002b Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:947
            return open(fn, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3eac7a99c63cdfb Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/cached.py:970
        self.fh = open(fn, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f420c56f5433c28e Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/ftp.py:205
            outfile = open(lpath, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4933e0a01dd5817 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/http.py:268
                outfile = open(lpath, "wb")  # noqa: ASYNC230

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b8c04c9088232b2 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/http.py:300
                context = open(lpath, "rb")  # noqa: ASYNC230

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3479936bb75677ca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/fsspec/implementations/http.py:563
        async with session.put(url, data=value, headers=headers, **kwargs) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #897f7f823b2016f4 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/http.py:832
        with open(file, "r+b") as f:  # noqa: ASYNC230

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e504c7e91e9a03f5 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/http_sync.py:390
            lpath = open(lpath, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11931d54fb2f1b67 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/http_sync.py:411
                context = open(lpath, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e6921e320ef6d7ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/fsspec/implementations/jupyter.py:86
        self.session.put(f"{self.url}/{path}", json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e5c1f9080d2d71a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/fsspec/implementations/jupyter.py:99
        self.session.put(f"{self.url}/{path}", json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #70d4f82b143cf17e Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/local.py:154
            with open(path1, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f25f6b15754d3315 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/local.py:223
            open(path, "a").close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5b09e31e8cda034 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/local.py:396
                self.f = open(self.path, mode=self.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f822829a3a15f5a Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/local.py:405
                self.f = open(name, mode=self.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfe71c3b2f8d7dba Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/reference.py:855
        with open(lpath, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f739b13104073c8 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/reference.py:866
            with open(lpath, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #165cc7a87cf7a1a6 Filesystem access.
pkgs/python/[email protected]/fsspec/implementations/reference.py:1240
        with open(lpath, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #38e658f061095206 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/fsspec/implementations/webhdfs.py:455
        out = self.fs.session.post(
            self.location,
            data=self.buffer.getvalue(),
            headers={"content-type": "application/octet-stream"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #409d9c968b04a26b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/fsspec/implementations/webhdfs.py:475
            out2 = self.fs.session.put(
                location, headers={"content-type": "application/octet-stream"}
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3f367bbe98fe5a8b Filesystem access.
pkgs/python/[email protected]/fsspec/spec.py:934
                outfile = open(lpath, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0f3baf4d216ba25 Filesystem access.
pkgs/python/[email protected]/fsspec/spec.py:1023
        with open(lpath, "rb") as f1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcd8d3e7d7c71797 Filesystem access.
pkgs/python/[email protected]/fsspec/utils.py:629
        with open(fd, mode) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitpython

python dependency
expand_more 52 low-confidence finding(s)
low env_fs dependency Excluded from app score #deb9f4dd1c9ceb9d Filesystem access.
pkgs/python/[email protected]/doc/source/conf.py:50
with open(os.path.join(os.path.dirname(__file__), "..", "..", "VERSION")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de36e1f32a866da6 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:659
    GIT_PYTHON_TRACE = os.environ.get("GIT_PYTHON_TRACE", False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4001f67e9c500699 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:775
            new_git = os.environ.get(cls._git_exec_env_var, cls.git_exec_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #059f5d5cac618f4f Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:824
                mode = os.environ.get(cls._refresh_env_var, "raise").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed6c4229fa0a6d54 Environment-variable access.
pkgs/python/[email protected]/git/cmd.py:1240
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5490723eede5ff49 Filesystem access.
pkgs/python/[email protected]/git/cmd.py:1262
        stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cca7f11fe9d96ae Environment-variable access.
pkgs/python/[email protected]/git/config.py:256
        config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77b98188ddb02780 Filesystem access.
pkgs/python/[email protected]/git/config.py:637
                    with open(file_path, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d878b83b814011cd Filesystem access.
pkgs/python/[email protected]/git/config.py:755
            with open(fp, "wb") as fp_open:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e9ab2ebc2c1f8f Filesystem access.
pkgs/python/[email protected]/git/index/base.py:705
                return open(filepath, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #055545fc5a5b958d Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1178
        with open(self._commit_editmsg_filepath(), "wb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae91276b5c3ff841 Filesystem access.
pkgs/python/[email protected]/git/index/base.py:1185
        with open(self._commit_editmsg_filepath(), "rb") as commit_editmsg_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bd7acc364aa1f3b Environment-variable access.
pkgs/python/[email protected]/git/index/fun.py:89
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b4e894d3c1de43 Environment-variable access.
pkgs/python/[email protected]/git/objects/commit.py:641
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7641c07e17e17812 Filesystem access.
pkgs/python/[email protected]/git/objects/submodule/base.py:428
        with open(git_file, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edbf038797cfe418 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:265
        with open(filepath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b9ae216f39a32a6 Filesystem access.
pkgs/python/[email protected]/git/refs/log.py:361
            fd = open(filepath, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24cfa767c96c5f58 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:126
            with open(cls._get_packed_refs_path(repo), "rt", encoding="UTF-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06cd932b72c0bb19 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:239
            with open(os.path.join(repodir, ref_path), "rt", encoding="UTF-8") as fp:  # type: ignore[arg-type]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccced620eeb21a9d Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:642
                with open(pack_file_path, "rb") as reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9d8dc4889abd839 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:670
                    with open(pack_file_path, "wb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3bbd251202a6b6b Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:713
            with open(abs_ref_path, "rb") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e160d2e7d41a5fc Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:797
                with open(new_abs_path, "rb") as fd1:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #635173754262edc7 Filesystem access.
pkgs/python/[email protected]/git/refs/symbolic.py:799
                with open(cur_abs_path, "rb") as fd2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285b5c2e72985e82 Filesystem access.
pkgs/python/[email protected]/git/remote.py:915
        with open(fetch_head.abspath, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1059f50d403ab7d Environment-variable access.
repo/base.py:216
        epath = path or os.getenv("GIT_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ef2196c3906b1a9 Environment-variable access.
repo/base.py:258
                if os.environ.get("GIT_COMMON_DIR") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ac1073d1c66e618 Environment-variable access.
repo/base.py:262
                if "GIT_WORK_TREE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #230eb7f2815a6927 Environment-variable access.
repo/base.py:263
                    self._working_tree_dir = os.getenv("GIT_WORK_TREE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b36c25b77ec94eb0 Filesystem access.
repo/base.py:299
            common_dir = (Path(self.git_dir) / "commondir").read_text().splitlines()[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6890b85c6801214e Filesystem access.
repo/base.py:360
        with open(filename, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33d5400a9c471674 Filesystem access.
repo/base.py:366
        with open(filename, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71641410b628cff7 Environment-variable access.
repo/base.py:641
            config_home = os.environ.get("XDG_CONFIG_HOME") or osp.join(os.environ.get("HOME", "~"), ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09eb4221c1ad3588 Filesystem access.
repo/base.py:900
            with open(alternates_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a102d5c25c0b29bd Filesystem access.
repo/base.py:923
            with open(alternates_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdc32aa2c8f84b45 Filesystem access.
repo/base.py:1631
        with open(rebase_head_file, "rt") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dccc8039ae4e5215 Filesystem access.
repo/fun.py:52
    with open(filename, "ab"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6731ded3032af9e3 Environment-variable access.
repo/fun.py:66
        if (osp.isdir(osp.join(d, "objects")) or "GIT_OBJECT_DIRECTORY" in os.environ) and osp.isdir(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23817a45d467d0a8 Filesystem access.
repo/fun.py:90
        lines = Path(dotgit).read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc038d93af776937 Filesystem access.
repo/fun.py:105
        with open(d) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a89943539fba198 Environment-variable access.
pkgs/python/[email protected]/git/util.py:122
        value = os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0e8c4bd86d93f81 Environment-variable access.
pkgs/python/[email protected]/git/util.py:201
    old_value = os.getenv(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a528d49b4c12203 Environment-variable access.
pkgs/python/[email protected]/git/util.py:202
    os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #265a6fb49dd8b777 Environment-variable access.
pkgs/python/[email protected]/git/util.py:207
            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff495aa61945a32 Environment-variable access.
pkgs/python/[email protected]/git/util.py:209
            os.environ[name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #079296cd9645f579 Environment-variable access.
pkgs/python/[email protected]/git/util.py:338
    PATHEXT = os.environ.get("PATHEXT", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929d68a44c12aeae Environment-variable access.
pkgs/python/[email protected]/git/util.py:374
        path = os.environ["PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41c0e020bbfb4a84 Environment-variable access.
pkgs/python/[email protected]/git/util.py:865
                val = os.environ[evar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #672272c3ff763c58 Filesystem access.
pkgs/python/[email protected]/git/util.py:1051
            with open(lock_file, mode="w"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6a49b1c8d796a11 Filesystem access.
pkgs/python/[email protected]/setup.py:14
    return (Path(__file__).parent / path).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff28126aaa7ebf47 Filesystem access.
pkgs/python/[email protected]/setup.py:49
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e8a3ca6b9cff630 Filesystem access.
pkgs/python/[email protected]/setup.py:59
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

grep-ast

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #21502bdb5d802629 Filesystem access.
pkgs/python/[email protected]/grep_ast/main.py:82
        with open(filename, "r", encoding=args.encoding) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2ed87d6c3707563 Filesystem access.
pkgs/python/[email protected]/setup.py:5
with open("requirements.txt") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2491efb27af1cae4 Filesystem access.
pkgs/python/[email protected]/setup.py:8
with open("README.md", "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

h11

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #84225d39179814ee Filesystem access.
pkgs/python/[email protected]/docs/source/make-state-diagrams.py:57
    with open(out_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #79570621816b5888 Filesystem access.
pkgs/python/[email protected]/docs/source/make-state-diagrams.py:95
    with open(out_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd8b92168136e21e Filesystem access.
pkgs/python/[email protected]/setup.py:4
exec(open("h11/_version.py").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #844394dc087ccc8e Filesystem access.
pkgs/python/[email protected]/setup.py:11
    long_description=open("README.rst").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #1b3794360dd6a0dc Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c49480bdff4a9d2b Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab9605910edf7a57 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #397f0a570546258f Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

huggingface-hub

python dependency
expand_more 159 low-confidence finding(s)
low env_fs dependency Excluded from app score #a86230921ac7c71b Filesystem access.
pkgs/python/[email protected]/setup.py:8
    with open(rel_path, "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ff1b49903c5ffe Filesystem access.
pkgs/python/[email protected]/setup.py:112
    long_description=open("README.md", "r", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed4db6851a3ae552 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/__init__.py:1157
if os.environ.get("EAGER_IMPORT", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e58116132a6ae6 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_buckets.py:360
    with open(filter_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffac9de25c736f2b Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_buckets.py:778
    with open(plan_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a22908f134b0e7 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_buckets.py:784
    with open(plan_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9aa446c9bf6b778 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_commit_api.py:249
                with open(self.path_or_fileobj, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9b02a2002ce894c Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_local_folder.py:438
                gitignore.write_text("*")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9fbf15d73ac5274 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_login.py:445
    path.write_text(token)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a13814c1056824f Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oauth.py:183
    if os.getenv("SPACE_ID") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a604e2735f226596 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oauth.py:319
                host = os.environ.get("SPACE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc55bd14bf317791 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_snapshot_download.py:285
                with open(ref_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #474930d4b572fbe8 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_snapshot_download.py:374
            with open(ref_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2535ec4ca029bd2d Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:39
_is_local = os.environ.get("SPACE_ID") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22eccb5aa9ab60e2 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:111
        self.webhook_secret = webhook_secret or os.getenv("WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1d1df0894b08fbe9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:178
            self.fastapi_app.post(path)(func)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #53728450810378bd Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:181
        space_host = os.environ.get("SPACE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87f6707d2223463f Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_cli_utils.py:86
            formatter.write_text(line)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #981ca13a0f7d9aa0 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/buckets.py:987
                    with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebeb5ed070413706 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/discussions.py:102
        return body_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fc96d61d98a8372 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/discussions.py:283
        os.environ["NO_COLOR"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6966bd89683bcdbc Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/extensions.py:71
        data = json.loads(manifest_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45f2665f7a076c5f Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/extensions.py:80
        manifest_path.write_text(json.dumps(data, indent=2, sort_keys=True))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bb40a45deaae285 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:328
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #279154945062446e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:328
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61c9c95f56de6806 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:330
        env_map.update(load_dotenv(env_value, environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0580ae4fa957b15f Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:335
        secrets_map.update(load_dotenv(Path(secrets_file).read_text(), environ=extended_environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d07b3cf283f2a281 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:799
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9806eec51367d849 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:799
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb7758b52c4db2ad Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:801
        env_map.update(load_dotenv(env_value, environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0867abaddd5629d5 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:805
        secrets_map.update(load_dotenv(Path(secrets_file).read_text(), environ=extended_environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dccf2b47597541a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:861
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d5e1ffd58c51b94 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:861
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cefab7210779de1 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:863
        env_map.update(load_dotenv(env_value, environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d94bfe24f76aff Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:867
        secrets_map.update(load_dotenv(Path(secrets_file).read_text(), environ=extended_environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54cac0cbb5a3ce28 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:1089
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2a8814fe2c1f379 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:1089
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8be1ac4829e8b43c Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:1091
        env_map.update(load_dotenv(env_value, environ=os.environ.copy()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba8c7380594ec5cd Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:1095
        secrets_map.update(load_dotenv(Path(secrets_file).read_text(), environ=extended_environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f934dbd65bbe0a8 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/jobs.py:1168
    extended_environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbda3572701db6a2 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/lfs.py:140
        with open(filepath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3bb954338f2fb009 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/cli/lfs.py:147
                    r = get_session().put(presigned_url, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6d7227018e1f6f7a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/cli/lfs.py:166
        r = get_session().post(
            completion_url,
            json={
                "oid": oid,
                "parts": parts,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c0504f66be156652 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/skills.py:179
    (dest / "SKILL.md").write_text(build_skill_md(), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79bea28ce7b22f25 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/spaces.py:421
        if command := os.getenv(env, "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1369b5f3c5179966 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:63
_staging_mode = _is_true(os.environ.get("HUGGINGFACE_CO_STAGING"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e89646ed7a25545 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:67
ENDPOINT = os.getenv("HF_ENDPOINT", _HF_DEFAULT_ENDPOINT).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293ecb3449dd2d58 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:81
INFERENCE_ENDPOINT = os.environ.get("HF_INFERENCE_ENDPOINT", "https://api-inference.huggingface.co")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45a289d55db67d92 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:134
        os.getenv(
            "HF_HOME",
            os.path.join(os.getenv("XDG_CACHE_HOME", default_home), "huggingface"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7c1c7b09a3965a6 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:136
            os.path.join(os.getenv("XDG_CACHE_HOME", default_home), "huggingface"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeb2033cd8ad7465 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:145
HUGGINGFACE_HUB_CACHE = os.getenv("HUGGINGFACE_HUB_CACHE", default_cache_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21bc03c13dedd265 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:146
HUGGINGFACE_ASSETS_CACHE = os.getenv("HUGGINGFACE_ASSETS_CACHE", default_assets_cache_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59b3020fcecc99ee Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:151
        os.getenv(
            "HF_HUB_CACHE",
            HUGGINGFACE_HUB_CACHE,
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c99b3ffec8d0688 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:159
        os.getenv(
            "HF_ASSETS_CACHE",
            HUGGINGFACE_ASSETS_CACHE,
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ab2c6736b1daefb Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:166
HF_HUB_OFFLINE = _is_true(os.environ.get("HF_HUB_OFFLINE") or os.environ.get("TRANSFORMERS_OFFLINE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5156e9dfed91128f Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:194
HF_DEBUG = _is_true(os.environ.get("HF_DEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa60ccf4c1e64447 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:198
    _is_true(os.environ.get("HF_HUB_DISABLE_TELEMETRY"))  # HF-specific env variable

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7e9e55ed0370a21 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:199
    or _is_true(os.environ.get("DISABLE_TELEMETRY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e8876e54e824ba Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:200
    or _is_true(os.environ.get("DO_NOT_TRACK"))  # https://consoledonottrack.com/

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd13f6d970aedf4a Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:205
        os.getenv(
            "HF_TOKEN_PATH",
            os.path.join(HF_HOME, "token"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d1eeb0d7eac7a6 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:226
__HF_HUB_DISABLE_PROGRESS_BARS = os.environ.get("HF_HUB_DISABLE_PROGRESS_BARS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b413b74b109e6bd6 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:232
HF_HUB_DISABLE_SYMLINKS_WARNING: bool = _is_true(os.environ.get("HF_HUB_DISABLE_SYMLINKS_WARNING"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba43ee721f112526 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:235
HF_HUB_DISABLE_EXPERIMENTAL_WARNING: bool = _is_true(os.environ.get("HF_HUB_DISABLE_EXPERIMENTAL_WARNING"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b08bbc7b1a92ce1 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:238
HF_HUB_DISABLE_IMPLICIT_TOKEN: bool = _is_true(os.environ.get("HF_HUB_DISABLE_IMPLICIT_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #085bae822d2bfda2 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:240
HF_XET_HIGH_PERFORMANCE: bool = _is_true(os.environ.get("HF_XET_HIGH_PERFORMANCE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a637aa7a0a2090 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:243
if _is_true(os.environ.get("HF_HUB_ENABLE_HF_TRANSFER")) and not HF_XET_HIGH_PERFORMANCE:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a9d9652226fa59e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:254
HF_HUB_ETAG_TIMEOUT: int = _as_int(os.environ.get("HF_HUB_ETAG_TIMEOUT")) or DEFAULT_ETAG_TIMEOUT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f2cb0c50c56a166 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:258
HF_HUB_DOWNLOAD_TIMEOUT: int = _as_int(os.environ.get("HF_HUB_DOWNLOAD_TIMEOUT")) or DEFAULT_DOWNLOAD_TIMEOUT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1413b04472a46a8 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:261
HF_HUB_USER_AGENT_ORIGIN: Optional[str] = os.environ.get("HF_HUB_USER_AGENT_ORIGIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcda003e923847f1 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:268
OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf274badc0ef1a9 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:269
OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #102416739e725240 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:270
OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74c02fb5ae19dd64 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:271
OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1591b224c84c147e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:282
HF_XET_CACHE = os.getenv("HF_XET_CACHE", default_xet_cache_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d593e3ee9967e91 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:283
HF_HUB_DISABLE_XET: bool = _is_true(os.environ.get("HF_HUB_DISABLE_XET"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52f83d738389af25 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/fastai_utils.py:267
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52d5b774ed0f2791 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:688
        if not ref_path.exists() or commit_hash != ref_path.read_text():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4122907db629bd0 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:692
            ref_path.write_text(commit_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c04f05d1490ebb7 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:1094
                    with open(ref_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6eadbfc56e065d8 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:1357
            with open(paths.file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a495d8833672d1f2 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:1503
            with open(revision_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #69428f990729b777 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:3767
        response = get_session().post(
            f"{self.endpoint}/api/{repo_type}s/{repo_id}/paths-info/{revision}",
            data={
                "paths": paths if isinstance(paths, list) else [paths],
                "expand": expand,
            },
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b5387c2f85cd5a6e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:3981
            response = get_session().post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e803d0ecd662c6d4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4095
            r = get_session().post(path, headers=headers, json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #35e90bf6783cea35 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4171
        r = get_session().request("DELETE", path, headers=headers, json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ee1955dcc14c6c66 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4306
        r = get_session().post(path, headers=headers, json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e9cf3a27d82cba6e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:6063
            with open(index_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bfbd0b1c6c063f94 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:6715
        resp = get_session().post(
            f"{self.endpoint}/api/{repo_type}s/{repo_id}/discussions",
            json={
                "title": title.strip(),
                "description": description,
                "pullRequest": pull_request,
            },
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d517162a93aa70ea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:6813
        resp = get_session().post(path, headers=headers, json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f8585c4a8b0ae057 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7238
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/secrets",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b5d2c21f541e9518 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7263
        r = get_session().request(
            "DELETE",
            f"{self.endpoint}/api/spaces/{repo_id}/secrets",
            headers=self._build_hf_headers(token=token),
            json={"key": key},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0e032714196885d4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7327
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/variables",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e625dfc66253a802 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7355
        r = get_session().request(
            "DELETE",
            f"{self.endpoint}/api/spaces/{repo_id}/variables",
            headers=self._build_hf_headers(token=token),
            json={"key": key},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f9858f84832ba4c1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7427
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/hardware",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #85551150f1598774 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7465
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/sleeptime",
            headers=self._build_hf_headers(token=token),
            json={"seconds": sleep_time},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f7d576ba040982c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7516
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/pause", headers=self._build_hf_headers(token=token)
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ef23f5e7b0a368c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7553
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/dev-mode",
            headers=self._build_hf_headers(token=token),
            json={"enabled": True},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #586d13f8cbfa0c32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7597
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/dev-mode",
            headers=self._build_hf_headers(token=token),
            json={"enabled": False},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0cc5d3320025113c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7645
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/restart", headers=self._build_hf_headers(token=token), params=params
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #edaa72ee6feada4a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7794
        r = get_session().post(
            f"{self.endpoint}/api/{api_prefix}/{from_id}/duplicate",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1302400c89667f50 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7934
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/storage",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f422d371ab394329 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8265
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #56f957ad6ca43912 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8323
        response = get_session().post(
            f"{constants.INFERENCE_CATALOG_ENDPOINT}/deploy",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #953685ba8f308822 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8546
        response = get_session().put(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #974818c5f0dccc90 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8610
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}/pause",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #661a8061d7a96313 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8649
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}/resume",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8c9d0cec25190274 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8691
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}/scale-to-zero",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e84fd9f10fc93fdf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8862
        r = get_session().post(
            f"{self.endpoint}/api/collections", headers=self._build_hf_headers(token=token), json=payload
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #306f1f7fcb6e7a35 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9049
        r = get_session().post(
            f"{self.endpoint}/api/collections/{collection_slug}/items",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #63d20d7c8845694f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9543
        response = get_session().post(
            f"{constants.ENDPOINT}/api/{repo_type}s/{repo_id}/user-access-request/handle",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a3ce908c6e52a7a8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9593
        response = get_session().post(
            f"{constants.ENDPOINT}/api/{repo_type}s/{repo_id}/user-access-request/grant",
            headers=self._build_hf_headers(token=token),
            json={"user": user},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c9fad8667d9ce10 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9822
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks",
            json=post_webhooks_json,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #23cb0408dea9f335 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9910
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks/{webhook_id}",
            json=update_json,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4a9397c145c35162 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9964
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks/{webhook_id}/enable",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bd68eb00207fa4f0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10017
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks/{webhook_id}/disable",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fa6ff89d14a0d375 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10171
                content=relpath_to_abspath["README.md"].read_text(encoding="utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7706f256db7cb3bb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10218
        response = get_session().post(
            f"{self.endpoint}/api/validate-yaml",
            json={"content": content, "repoType": repo_type},
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2be2df98ace19303 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10697
        response = get_session().post(
            f"{self.endpoint}/api/jobs/{namespace}",
            json=job_spec,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7d32dc7843428477 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11054
        get_session().post(
            f"{self.endpoint}/api/jobs/{namespace}/{job_id}/cancel",
            headers=self._build_hf_headers(token=token),
        ).raise_for_status()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #65bfe4a2cfcd9e57 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11286
        response = get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}",
            json=input_json,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9e589399cba1d841 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11420
        get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}/{scheduled_job_id}/suspend",
            headers=self._build_hf_headers(token=token),
        ).raise_for_status()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #13eadf02a3332793 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11449
        get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}/{scheduled_job_id}/resume",
            headers=self._build_hf_headers(token=token),
        ).raise_for_status()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7dfa9f581dfc8141 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11661
                remote_file_name + " " + base64.b64encode(Path(local_file_to_include).read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #05490fbe271bcc92 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11741
        response = get_session().post(
            f"{self.endpoint}/api/buckets/{namespace}/{name}",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #36523def21e668f5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11946
        response = get_session().post(path, headers=headers, json=json_payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #84389a0ccac837c1 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12648
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7c994812cc29769 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12740
        with open(index_file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5552a44989507dc Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_file_system.py:1142
            outfile = open(lpath, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86878f3d4d1ad26e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hub_mixin.py:431
                config_path.write_text(config_str)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c0e976e99ef79d4 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hub_mixin.py:521
            with open(config_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd52f60588d12622 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_common.py:172
        return MimeBytes(content.read_bytes(), mime_type=mimetypes.guess_type(content)[0])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3fb87f259e5a9db9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/inference/_generated/_async_client.py:298
                response = await client.post(
                    request_parameters.url,
                    json=request_parameters.json,
                    data=request_parameters.data,
                    headers=request_parameters.headers,
                    cookies=self.cookies,
                    timeout=self.timeout,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1097dcccfb9d7b2d Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/cli.py:125
                    final_value = os.getenv(env_variable_key, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5b7a78d20e7da10 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/utils.py:95
        config: AgentConfig = json.loads(cfg_file.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94d4fc8a01b0a4a0 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/utils.py:100
                prompt = prompt_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64dafb8f092f3f53 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/utils.py:110
        return json.loads(path.read_text(encoding="utf-8")), None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef6f848ae19e7dc4 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_providers/fal_ai.py:102
                with open(inputs, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb1b95b0158981d0 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_providers/wavespeed.py:118
            with open(inputs, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6c8b15a46c036e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/lfs.py:76
        with io.open(path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10dd87de061cdc6a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:132
        with open(filepath, mode="w", newline="", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d17cc3bf7ace3875 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:218
            response = get_session().post("https://huggingface.co/api/validate-yaml", json=body, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a7e845b01410cd8f Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:274
            tmp_path.write_text(str(self), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e64466c9d165dcb2 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:325
            template_str = Path(template_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #695eab85367b96f9 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:327
            template_str = Path(cls.default_template_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f107fb0ec54bea6 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:507
    content = Path(local_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f994214476c9cff5 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:530
        with open(local_path, "r", newline="", encoding="utf8") as readme:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e177577da1b294ca Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:538
    with open(local_path, "w", newline="", encoding="utf8") as readme:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da9c48679e6bae9e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_dduf.py:152
    index = json.loads(entries["model_index.json"].read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #282aae8302aa81b3 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_dduf.py:304
        return Path(content).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a0b679420784241 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_torch.py:279
        with open(os.path.join(save_directory, index_path), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e5d9dd42fa71acb Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_torch.py:508
    with open(index_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0032a4c9cb4ddd5b Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_auth.py:118
    return _clean_token(os.environ.get("HF_TOKEN") or os.environ.get("HUGGING_FACE_HUB_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57334e505536059e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_auth.py:123
        return _clean_token(Path(constants.HF_TOKEN_PATH).read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b734feceebad87d Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_runtime.py:313
    return os.environ.get("VERTEX_PRODUCT") == "COLAB_ENTERPRISE"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dc16dc2f2e20392 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_terminal.py:86
        if os.environ.get("NO_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24f98dc10e59782 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_verification.py:59
            return ref_path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db3e914ecf7aad4e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_verification.py:65
        return main_ref.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a4a79bdadf8606e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/logging.py:58
    env_level_str = os.getenv("HF_HUB_VERBOSITY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07b1964c00ff9174 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/tqdm.py:209
    if os.getenv("TQDM_POSITION") == "-1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

importlib-metadata

python dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #72a88941dbb8832a Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:319
        return self.locate().read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dd8a4f5dfb42ecf Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:322
        return self.locate().read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e22f35c4f7be070 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:468
            self.read_text('METADATA')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78c311c2d5424157 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:469
            or self.read_text('PKG-INFO')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92de7569bc323a4b Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:473
            or self.read_text('')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f8c48895af86d79 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:501
        return EntryPoints._from_text_for(self.read_text('entry_points.txt'), self)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdb9326dde9bd888 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:550
        text = self.read_text('RECORD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39daea7a0df66748 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:564
        text = self.read_text('installed-files.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f25489a11be6219d Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:592
        text = self.read_text('SOURCES.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bd47ee0a56712e0 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:605
        source = self.read_text('requires.txt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2440c40d9bb325f Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:653
            self.read_text(filename),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78a95532905bbe21 Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:926
            return self._path.joinpath(filename).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #253e617ac943cbfb Filesystem access.
pkgs/python/[email protected]/importlib_metadata/__init__.py:1062
    return (dist.read_text('top_level.txt') or '').split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

importlib-resources

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #509e78241ca33c07 Filesystem access.
pkgs/python/[email protected]/importlib_resources/_common.py:210
        child.write_bytes(source.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0a1640511f37cb8 Filesystem access.
pkgs/python/[email protected]/importlib_resources/_functional.py:25
    return _get_resource(anchor, path_names).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126edf0b3c6d2512 Filesystem access.
pkgs/python/[email protected]/importlib_resources/_functional.py:32
    return resource.read_text(encoding=encoding, errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jinja2

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #acdd4877c81f89da Filesystem access.
pkgs/python/[email protected]/src/jinja2/bccache.py:270
            f = open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ef006c7c743590 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:860
                with open(os.path.join(target, filename), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be5ad2918b45d776 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:1611
            real_fp: t.IO[bytes] = open(fp, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1199534be90494cc Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:214
        with open(filename, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2dbafa5997b1fc6 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:382
            with open(p, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7ea75ce111c2f67 Filesystem access.
pkgs/python/[email protected]/src/jinja2/utils.py:171
    return open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jiter

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #a43b010c178056a4 Filesystem access.
pkgs/python/[email protected]/crates/jiter-python/bench.py:20
    CASES[p.stem] = p.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9340fe4ae7d7cddb Filesystem access.
pkgs/python/[email protected]/crates/jiter/benches/generate_big.py:19
(THIS_DIR / 'big.json').write_text(json.dumps(data, separators=(',', ':')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

json5

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #89b44f1263abef28 Filesystem access.
pkgs/python/[email protected]/json5/host.py:48
        with open(path, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c378058f1ef743a8 Filesystem access.
pkgs/python/[email protected]/json5/host.py:52
        with open(path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jsonschema

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #3084dd009895851f Filesystem access.
pkgs/python/[email protected]/jsonschema/cli.py:52
            file = open(path)  # noqa: SIM115, PTH123

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba1cdebda1c8c2d9 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:70
            github = Path(os.environ["GITHUB_STEP_SUMMARY"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jsonschema-specifications

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d246187482d4154c Filesystem access.
pkgs/python/[email protected]/jsonschema_specifications/_core.py:37
                contents = json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd54020944e3c6fe Environment-variable access.
pkgs/python/[email protected]/noxfile.py:41
    env = dict(os.environ, PYTHONWARNDEFAULTENCODING="1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdown-it-py

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #fa12670fe8c54778 Filesystem access.
pkgs/python/[email protected]/markdown_it/cli/parse.py:39
        with open(filename, encoding="utf8", errors="ignore") as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca198d65851f5617 Filesystem access.
pkgs/python/[email protected]/markdown_it/utils.py:168
    text = Path(path).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7b092933386ff5d1 Filesystem access.
pkgs/python/[email protected]/scripts/profiler.py:13
    (Path(__file__).parent.parent / "tests" / "test_cmark_spec" / "spec.md")
    .read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markupsafe

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #e62a8dfd6f6bb634 Environment-variable access.
pkgs/python/[email protected]/setup.py:60
if os.environ.get("CIBUILDWHEEL", "0") == "1" and supports_speedups:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mccabe

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #bc34146f49f196f9 Filesystem access.
pkgs/python/[email protected]/mccabe.py:300
        with open(filename, 'rU') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1e3a11fe9239e70 Filesystem access.
pkgs/python/[email protected]/mccabe.py:305
            with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30ed96220cda5194 Filesystem access.
pkgs/python/[email protected]/mccabe.py:309
            with open(filename, encoding='latin-1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6f8f3db9df1bbb Filesystem access.
pkgs/python/[email protected]/mccabe.py:311
        with open(filename, 'r', encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb1777ee8759fe71 Filesystem access.
pkgs/python/[email protected]/setup.py:8
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8262f128cfb3d5f1 Filesystem access.
pkgs/python/[email protected]/setup.py:17
        with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mixpanel

python dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #55730d8595a17e49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/mixpanel/__init__.py:657
            response = self._session.post(
                request_url,
                data=params,
                auth=basic_auth,
                timeout=self._request_timeout,
                verify=self._verify_cert,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

mslex

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #9f1080f33f3a80f4 Filesystem access.
pkgs/python/[email protected]/mslex/__init__.py:340
        input = open(args.filename, "r")  # type: TextIO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49158f2f7484ec72 Filesystem access.
pkgs/python/[email protected]/setup.py:8
with open("README.rst") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

multidict

python dependency
expand_more 5 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #c7d8d5fc8305dd53 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:35
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e0f85b54f294e118 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:36
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52e5b5ccf70aa5f6 Environment-variable access.
pkgs/python/[email protected]/multidict/_compat.py:4
NO_EXTENSIONS = bool(os.environ.get("MULTIDICT_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #099e5a9b15e00532 Environment-variable access.
pkgs/python/[email protected]/setup.py:7
NO_EXTENSIONS = bool(os.environ.get("MULTIDICT_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c14bbf0bdcff9f5 Environment-variable access.
pkgs/python/[email protected]/setup.py:8
DEBUG_BUILD = bool(os.environ.get("MULTIDICT_DEBUG_BUILD"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

networkx

python dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #41f98aedd3872542 Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:92
os.environ["_NETWORKX_BUILDING_DOCS_"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d6fd83c882191505 Filesystem access.
pkgs/python/[email protected]/examples/external/javascript_force.py:27
json.dump(d, open("force/force.json", "w"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #b0d793c17ad971d1 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/graph/plot_football.py:24
sock = urllib.request.urlopen(url)  # open URL

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #8d1d3d8968fb54a1 Filesystem access.
pkgs/python/[email protected]/examples/graphviz_layout/plot_lanl_routes.py:22
        fh = open("lanl_routes.edgelist")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #865fc151be0ac1f1 Filesystem access.
pkgs/python/[email protected]/examples/subclass/plot_printgraph.py:28
            self.fh = open(file, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f9b6dcd816f0b14 Environment-variable access.
pkgs/python/[email protected]/networkx/conftest.py:48
        backend = os.environ.get("NETWORKX_TEST_BACKEND")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27616383fe11a608 Environment-variable access.
pkgs/python/[email protected]/networkx/conftest.py:72
            fallback_to_nx = os.environ.get("NETWORKX_FALLBACK_TO_NX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e5aac6695501e3b Environment-variable access.
pkgs/python/[email protected]/networkx/lazy_imports.py:75
    if os.environ.get("EAGER_IMPORT", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a218e2523fff29 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:587
            os.environ.get("NETWORKX_CACHE_CONVERTED_GRAPHS", True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b50e1a6b661503 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:589
        fallback_to_nx=bool(os.environ.get("NETWORKX_FALLBACK_TO_NX", False)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe25e482f8069db2 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:592
            for x in os.environ.get("NETWORKX_WARNINGS_TO_IGNORE", "").split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6652728710c45a87 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:602
        for key, val in os.environ.items()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74922c21923ddc2b Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:610
            os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #048369df964eff42 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:610
            os.environ.get(
                "NETWORKX_BACKEND_PRIORITY",
                os.environ.get("NETWORKX_AUTOMATIC_BACKENDS", ""),
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39b54bfe9dff7c6 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:612
                os.environ.get("NETWORKX_AUTOMATIC_BACKENDS", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58eb5438b09895c0 Environment-variable access.
pkgs/python/[email protected]/networkx/utils/backends.py:2482
if os.environ.get("_NETWORKX_BUILDING_DOCS_"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

numpy

python dependency
expand_more 977 low-confidence finding(s)
low env_fs dependency Excluded from app score #948b805c9ca96e1f Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:124
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82a3e865659d14df Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:326
    PATH = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e1ca759d881553f Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:331
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bea3cd106edaaa0 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:505
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e424278f33323612 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:523
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038d390f1d8a66a9 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:547
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eaf3961b3c9ca331 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:629
        with open(local, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a559a744d3bff2d Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:632
        with open(pkg_config_fname, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5ea68ccb043df6a9 Environment-variable access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:12
    if 'SHELL' in os.environ and sys.platform != 'win32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b49e2dfc227f3c50 Filesystem access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:35
        with open(lock_path, 'a+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4c58a366cd73b219 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:34
        with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #90be752ba2ac8ca0 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:125
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4f4f8f8411ce461 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:18
        with open(fn, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12b53379eb3ef56c Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:24
        with open(fn, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ede7a91965f32f9d Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:18
    with open(gen_path, 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a8961a08645f72 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:35
    with open(os.path.join(dsrc_path, "doxyfile")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd63eca102304bee Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:44
            with open(conf_path) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49c526c4247bf7ae Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:247
if os.environ.get('CIRCLE_JOB') and os.environ['CIRCLE_BRANCH'] != 'main':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5142a581e76f93c Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:249
    switcher_version = os.environ['CIRCLE_BRANCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #199bda16f63f61f1 Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:881
        use_hugepage = os.environ.get("NUMPY_MADVISE_HUGEPAGE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f05eee0b9f737392 Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:913
    if (os.environ.get("NPY_PROMOTION_STATE", "weak") != "weak"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3571ec9a31d7be02 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/conv_template.py:270
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2387c10f8a580cda Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/conv_template.py:320
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a0557f2a06e6886 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/conv_template.py:323
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #184a6ffebd42ade4 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:8
    with open(init) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a980fd2b434ba5fa Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:89
                os.environ.get('MESON_DIST_ROOT', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87ef24a88b71e7b4 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:98
        with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6569f4554dd49169 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/process_src_template.py:32
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #175d5bc6b7125d22 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita.py:34
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #554d662f44eeb2e6 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:164
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089dbcf8f8feff03 Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1090
        vars.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c774509ae7da932f Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1104
        with open(template_name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693e83807b606a6b Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1109
        with open(options.output, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c872090fbcb0d675 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:17
    if envkey not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13a1449e506dde27 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:60
            machine = os.environ.get('PROCESSOR_ARCHITEW6432', '') \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a217a01fb41dd1e8 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:61
                    or os.environ.get('PROCESSOR_ARCHITECTURE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dae211cc778b89b0 Filesystem access.
pkgs/python/[email protected]/numpy/_core/_methods.py:242
        ctx = open(os.fspath(file), "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e31148dd99ba9ee Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:249
        fo = open(filename, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c8ec71b72a037c0 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:321
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b869bbb036ea3ea6 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:325
    with open(filename, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd660c7c1f4d171 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:537
    with open(file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38b5976ef8ebf012 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath.py:1689
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb36835c09d02d2a Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath_doc.py:20
    with open(target, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ccb196c3b6375c Filesystem access.
pkgs/python/[email protected]/numpy/_core/memmap.py:235
            f_ctx = open(
                os.fspath(filename),
                ('r' if mode == 'c' else mode) + 'b'
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84a55c30dadeb220 Filesystem access.
pkgs/python/[email protected]/numpy/_core/records.py:901
        ctx = open(os.fspath(fd), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda2b8e9a6554f85 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:608
        with open(filename, encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96df229b84d6186f Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:627
        with open(filename, "w", encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #5d246cb1d4ea8ed7 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:85
if 'REPO_NAME' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bdd9da0a5f17a2a0 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:86
   REPO_NAME = os.environ['REPO_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8c98769a6bd0a907 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:91
if 'current_language' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b8eba3dfd672c756 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:93
   current_language = os.environ['current_language']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #1a62d9e6806fa740 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:106
if 'current_version' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #65ff9af9fb639dde Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:108
   current_version = os.environ['current_version']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #b365563ffa41b6e9 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:59
    data = open(file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #7bf1be4bf1ebb590 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:73
        with open(ext_file, 'w') as handler:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #031ee88f2a7f3ea5 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:83
            data = open(ext_file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2ec08a2fc858a8f Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:60
os.environ["NUMPY_EXPERIMENTAL_DTYPE_API"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f378269becdcd5d Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:100
        os.environ['NPY_AVAILABLE_MEM'] = available_mem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e15a92f6a732ca0 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:71
        return self.build_template_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0fe7e3f2feb7dcb Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:181
        meson_build_file.write_text(src)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf156b1bb6381785 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_src_pyf.py:215
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb402b40c582338c Filesystem access.
pkgs/python/[email protected]/numpy/f2py/auxfuncs.py:920
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb017856fa6666ab Filesystem access.
pkgs/python/[email protected]/numpy/f2py/capi_maps.py:158
        with open(f2cmap_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e04a498707abcde7 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:318
        with open(filename, 'rb') as fhandle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1790a1e46b744ac Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:329
    return open(filename, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31d8e11cb0787537 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3705
                open(l).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #412371d376947f93 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3724
        with open(pyffilename, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47edc2b91f3faef5 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:290
                with open(l):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #297547eb0f32a4bb Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:357
            with open(options['signsfile'], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70fff6ab7a791f21 Environment-variable access.
pkgs/python/[email protected]/numpy/f2py/rules.py:161
generationtime = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66afe6bcf92994fd Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1436
    with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #191f28d81b92add9 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1443
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e362623b8b3d10b Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1451
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aedf18836120b08 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1464
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1886fdaaf42d37de Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1489
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8758f3330035dd75 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:968
        with open(os.fspath(filename), mode + 'b') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c107686f61013ef6 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:973
        with open(os.fspath(filename), 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99f5cbdf7aa621db Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:454
            fid = stack.enter_context(open(os.fspath(file), "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a9a5cdc0780f0b8 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:568
        file_ctx = open(file, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64d4c55a24fd5e88 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:1549
        open(fname, 'wt').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19007be8279b4f7d Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:308
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #058cfb00547b11c4 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:318
    with open(outfilename, 'w') as writefo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d184e193863baa3e Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/fortran.py:116
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0d74769b065ea86 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:230
    with open(wrapped_routines_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31df694309bdc08a Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:250
        with open(filename, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f86e2ccbbc48f16c Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:256
    with open(output_file, 'w') as output_fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94a970b598e2a0da Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:258
            with open(r.filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bab935739b41c247 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:275
    with open(c_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #866ce3d92594f71b Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:278
    with open(c_file, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd54c2aa31ccc403 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:301
        with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #106cb1a68114a306 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:309
    with open('f2c.h') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35b5b18490f27b3d Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:315
    with open(os.path.join(output_dir, 'lapack_lite_names.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e86decbabf96f9 Filesystem access.
pkgs/python/[email protected]/numpy/ma/mrecords.py:626
        f = open(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5960678cdafb1c3e Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:12
    with open(os.path.join(inc_dir, 'random', 'bitgen.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac687c552d5238c9 Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:21
    with open(os.path.join(inc_dir, 'random', 'distributions.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e46c000e9bc40384 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:209
    with open(cfile.parent / "meson.build", "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb4b774ee13336a7 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:223
    with open(native_file_name, "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2912ddfba25f957a Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:72
                np_dist.read_text('direct_url.json') or '{}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ed239b7dc288bac Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:179
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74560763e71f7447 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:208
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a5c8a837dd4982 Environment-variable access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2711
    env_value = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa3da3bd0aae3fd3 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2763
        with open('/proc/meminfo') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d6629be3e450a129 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:57
        with open(self.path, "r") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6843e092b92f7786 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:66
        with open(self.path, 'r') as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8e7dcf5783caa029 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:96
            with open(os.path.join(root, self.clean_path(path)), "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #226bb64313eb81cd Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:97
                source.write_text(fd)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #13f8c3a8087148a7 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:101
            with open(
                os.path.join(root, self.clean_path(path) + ".html"), "w"
            ) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8cf0c3826705512b Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:106
        with open(os.path.join(root, 'index.html'), 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a509fcf2a07e4fc7 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:165
        with open(log_file, 'r') as log_fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8862e7fa3fb48f4b Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:176
        files.write_text(args.directory)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #039ca1eba73cf840 Filesystem access.
pkgs/python/[email protected]/tools/check_installed_files.py:108
    with open(os.path.join('build', 'meson-info',
                           'intro-install_plan.json'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bac6fe4e01011104 Filesystem access.
pkgs/python/[email protected]/tools/check_openblas_version.py:48
        with open(reqfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d403b7f362bc1c98 Filesystem access.
pkgs/python/[email protected]/tools/check_python_h_first.py:77
    with open(name_to_check) as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dbf8a88e1620363e Filesystem access.
pkgs/python/[email protected]/tools/functions_missing_types.py:101
        with open(module_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3945c5a03c15e6f9 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:12
    with open(gitmodule_file) as gitmodules:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b0d9e20f456d733b Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:19
    with open(
            os.path.join(root_directory, ".gitattributes"), "r"
    ) as attr_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47094e1ef65ddfb8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:21
        data = json.loads(path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #114b8074f1ddcd0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:83
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e2df37c1a10127c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:100
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ceff44dcc1b64a4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:140
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #793b5f99a6984408 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/extensions/refman_links.py:128
        raw = Path(self._data_file).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e79cd1a6c6a4b008 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/genrelnotes.py:71
            snippet = snippetfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fe879fa1217bffad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/jsonvalidator.py:146
    root_tmp = json.loads(args.doc_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a8e579aa7dfabbd8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorjson.py:115
        self.out.write_text(json.dumps(data), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f79e570a6c60c718 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorman.py:65
        self.path.write_text(self.text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #09f7af4900278ff7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:116
        out_file.write_text(data, encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2a6cb945e4dffa73 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:129
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #deff4a3a1914aef1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:360
        raw = self.sitemap_in.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1283029c3468c6eb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:371
        self.sitemap_out.write_text(out, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aa608a35269099d6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:393
        self.link_def_out.write_text(json.dumps(data, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0d45547baf685088 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:30
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #739106ea27d94b59 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:37
        out_file.write_text(result, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2fb341573907dba3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderbase.py:194
        return f.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3fb0806cbc4419bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderpickle.py:16
        res = pickle.loads(self.in_file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ca946ffe4be79d71 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/main.py:76
        args.depfile.write_text(out_text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f0a99617a68fcd35 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/validatelinks.py:24
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #10154a297219490f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:14
    response = urllib.request.urlopen(sdl_url, timeout=600.0)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5d06b0ce7ba56ba3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:16
    open(sdl_filename, 'wb').write(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2993f00f5cb1978 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:454
            return open(outfileabs_tmp, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29d8d8e1b2296886 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:623
            with open(rsp_file, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4267fee0b2de5d6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:727
        with open(exe_data, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a718192941b75b96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:734
        with open(test_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a04d8a76c4b7eb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:737
        with open(benchmark_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7d836fde40bbea2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:902
        with open(pch_file_tmp, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22411d485eed25fd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1314
        with open(ifilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51ebab15ddaa5f77 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1345
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be57d37a62bc775d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1676
        with open(install_data_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76aa0d64b3eeb11e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:548
                return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc3c536ad7d92534 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:553
            return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9b0a557406d8b8d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:557
        with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #472c9bf9f39eb76d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:590
                    with open(tempfilename, 'ab') as binfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7042d69ff4728ee5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:592
                    return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54316e88933fed89 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:634
        with open(tempfilename, 'w', encoding='utf-8') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a86f1cc1fc551303 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:716
        with open(os.path.join(self.environment.get_build_dir(), 'rust-project.json'),
                  'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ee1e4750a499c40 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:748
            with open(os.path.join(builddir, 'compile_commands.json'), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f960254d348b375 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1169
            with open(pickle_abs, 'rb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793646011ac97da4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1174
            with open(pickle_abs, 'wb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82426a38d843ecc7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1505
        with open(manifest_fullpath, 'w', encoding='utf-8') as manifest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da8f8dc7ac6e5d4e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:2896
            with open(filename, encoding='ascii', errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b60f7546a56d6e6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:3377
                in_file = Path(os.environ['VCToolsInstallDir']) / 'modules/std.ixx'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b8975ea14a4e5ba Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:3934
        with open(d_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bdef521fec6679d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:36
    vs_version = os.getenv('VisualStudioVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52da2795cf976d43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:37
    vs_install_dir = os.getenv('VSINSTALLDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7374519baae7766c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:300
        with open(Vs2010Backend.get_regen_stampfile(build_dir), 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ab8259a15218de0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:304
        has_arch_values = 'VSCMD_ARG_TGT_ARCH' in os.environ and 'VSCMD_ARG_HOST_ARCH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b144da5d7da5fa8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:307
        if 'VCINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3518907f56e6142d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:308
            vs_version = os.environ['VisualStudioVersion'] \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b71ed894fcd813c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:309
                if 'VisualStudioVersion' in os.environ else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62f6677d513af9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:311
            script_path = os.environ['VCINSTALLDIR'] + relative_path + 'vcvarsall.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e43b8d949dd332d1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:314
                    target_arch = os.environ['VSCMD_ARG_TGT_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050bb4e0e415be13 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:315
                    host_arch = os.environ['VSCMD_ARG_HOST_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c71eb2c41c8aafeb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:317
                    target_arch = os.environ.get('Platform', 'x86')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e232beef24ee9202 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:323
        if 'VS150COMNTOOLS' in os.environ and has_arch_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #add3c680c59af52d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:324
            script_path = os.environ['VS150COMNTOOLS'] + 'VsDevCmd.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74e61b6bc2940dba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:327
                    (script_path, os.environ['VSCMD_ARG_TGT_ARCH'], os.environ['VSCMD_ARG_HOST_ARCH'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #691c15fd17888a40 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:426
        with open(sln_filename_tmp, 'w', encoding='utf-8-sig') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eee3ca9dc5a5e70 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:1008
        with open(ofname_tmp, 'w', encoding='utf-8') as of:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7a3301b3d73a0a4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:2110
            with open(rulefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #798078ce58ec14b3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2017backend.py:44
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c60924582fe9627 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2019backend.py:39
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8aa458c3a9fa2eed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2022backend.py:39
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afdccb790d9d93bd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2026backend.py:39
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #902c9830fa1103d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/xcodebackend.py:274
        with open(tmpname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35139759967310cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/build.py:3601
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f539ef172bf74cd1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cargo/toml.py:41
            with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1053089bc3122d2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/executor.py:216
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d3bebebcb64f802 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:51
        query_file.write_text(json.dumps(query, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d0389faa9df9e0d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:75
        debug_json.write_text(json.dumps(index, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #533464d95ed2d0f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:320
        data = json.loads(real_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1377ff37fe7afa3f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/interpreter.py:884
            os_env = environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0aa1c550bb61998 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:61
        self.toolchain_file.write_text(self.generate(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced2de8d92dfa2d5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:62
        self.cmcache_file.write_text(self.generate_cache(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #950c0f79b5be75a5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:238
        cmake_file.write_text(cmake_content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #156ff6b77050c116 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:242
        temp_toolchain_file.write_text(CMakeToolchain._print_vars(self.variables), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a42824d6606fdf1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/traceparser.py:170
            trace = self.trace_file_path.read_text(errors='ignore', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b255e13e9bd3fcd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmdline.py:93
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df74f55c63ae6442 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmdline.py:112
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b20612927f9dec8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:866
                with open(srcname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #678bcda25300ae20 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:907
            os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #476e12a65d1d19d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:1277
        with open(os.path.join(work_dir, sourcename), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76f9c0b6f79aed6c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:308
            if 'WATCOM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c0e97d87c0989e7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:312
                watcom_cls = [sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #234eccfeef521ed3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:313
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl.exe')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b4446c2b1d23eaa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:314
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19ef30c5380e6763 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:315
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl.exe'))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1475503fbd44b425 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:1355
            default_path = os.path.join(os.environ['ProgramFiles'], 'NASM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e1e99d2b6eefef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:228
                    with open(file_to_check, 'rb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #152ae2abefbf66fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:881
            with open(p.output_name, 'rb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7572e33709647af Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:1197
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b3095ce6b20134c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:42
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0adf4316f3e3eb9b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:53
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5327c95730f00b7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:65
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09794927499c5da Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/gnu.py:323
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3c04de19d1df581 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:316
        if 'INCLUDE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb3a70140f038a0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:318
        return os.environ['INCLUDE'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #015c007a96e228fb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:292
                    with open(f, encoding='utf-8') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da534fc4f0b564dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:293
                        with open(fcopy, 'w', encoding='utf-8') as wf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f62ab82d128cbf6e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:303
                    os.environ.get('XDG_DATA_HOME', os.path.expanduser('~/.local/share')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d6f182cb575c8db Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:304
                ] + os.environ.get('XDG_DATA_DIRS', '/usr/local/share:/usr/share').split(':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25c6674de497189c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:489
    with open(tempfilename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bf2c2c63c482d87 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:784
        deploy_target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', macos_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc20bc1de9ea0725 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:800
        deploy_target = os.environ.get('IPHONEOS_DEPLOYMENT_TARGET', ios_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d3bcdbade78234b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:939
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f4bbe678afe4b88 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/boost.py:762
        raw = hfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fec1dc4c46a0cf7a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:298
        for i in os.environ.get('PATH', '').split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23dc773f13235d10 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:329
        env_path = os.environ.get(f'{name}_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4321224fee0a3a5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:580
        cmake_txt = importlib.resources.read_text('mesonbuild.dependencies.data', cmake_file, encoding = 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19d10715e555fd5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:600
        cm_file.write_text(cmake_txt, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29efa984f112efca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:175
        env_vars = [var for var in env_vars if var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc3eebe0d8a75b70 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:176
        user_defaults = {os.environ[var] for var in env_vars}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e67eec957e695f5b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:182
        return ([(os.environ[self.env_var], True)] if self.env_var else []) \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9b3ce11fc78c527 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:186
        env_vars = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64bd1cfefd362d4f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:187
        return [(os.environ[var], False) for var in env_vars if var.startswith('CUDA_PATH_')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978463047f76facc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:223
            raw = i.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #053edd0af422188d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:241
            with open(version_file_path, encoding='utf-8') as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7b9d288be6bcbd3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/dev.py:777
        vsdir = os.environ.get('VSInstallDir')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebc0c68aaf5165c5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:110
            os.environ[f'HDF5_{cenv}'] = join_args(compiler.get_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abd57fd1d302a0b1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:111
            os.environ[f'HDF5_{lenv}LINKER'] = join_args(compiler.get_linker_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff77afbc92205372 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:114
            del os.environ[f'HDF5_{cenv}']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d2654f0fac4657c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:115
            del os.environ[f'HDF5_{lenv}LINKER']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #829b391c2a344ac0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:54
        tool_names = [os.environ.get(env_name) for env_name in env_vars]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c871212381b0768f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:244
        incdir = os.environ.get('MSMPI_INC')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64bdb2e300b02054 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:248
            libdir = os.environ.get('MSMPI_LIB32')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #960646f30f57d9f6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:251
            libdir = os.environ.get('MSMPI_LIB64')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1676ec0f79c6cb2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:278
        rootdir = os.environ.get('I_MPI_ROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bce855e48f55d2c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:164
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #524d1f87f630cdb7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:181
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c133ad23b3d72e47 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:302
        env = env or os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afa6e693f658c57a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:560
        with open(la_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80790259ed1d33e7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:98
            self._data = json.loads(self._path.read_text(encoding='utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc37e9f54a66a8a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:229
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fd8cc1649cc3052 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/scalapack.py:57
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33c3013ad2ae57a2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:119
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad140d0548afbb9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:185
        self.vulkan_sdk = os.environ.get('VULKAN_SDK', os.environ.get('VK_SDK_PATH'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30defc1e05be217d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/envconfig.py:725
    return os.environ.get('MSYSTEM_CARCH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ab463df0b22d26e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:70
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8c6e50e88513b96 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:385
        if 'MESON_UNIT_TEST' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4475d9206c5f4aaf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:387
        if 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2e27a2f383f2a54 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:967
        with open(meson_filename, "w", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b18da47f8cf76cb4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:1250
                ver_data = Path(ifname).read_text(encoding='utf-8').split('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b7338205b8aa82a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2814
                with open(dst_tmp, 'w', encoding=file_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #294ad80a139373b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2821
                with open(depfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0161a55c918ceb1c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreterobjects.py:264
        child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a26f0ed857cf92b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:106
            with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b9d81d264141d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:155
                    with open(parent / 'meson.build', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d5830f337aec9ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:676
            with open(option_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c7ae48554b0c6ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/machinefile.py:30
                with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f23988d5e3f3a8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mcompile.py:253
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1527aa476aaeda5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:95
                    with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #984d65cd97f89723 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:110
                        with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9fbab43feaa8e2c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:72
    env = {} if dump_fmt else os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3baa43cd284463ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:153
            gdbinit_path.write_text(gdbinit_line, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38014313db16e449 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:199
            with open(options.dump, "w", encoding='utf-8') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd0eb0f130c20228 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:217
        if os.environ.get("MESON_DISABLE_PS1_OVERRIDE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #318bc75ba451446a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:219
        shell_env = os.environ.get("SHELL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1518edd75e4e7860 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:233
                args = [os.environ.get("COMSPEC", r"C:\WINDOWS\system32\cmd.exe")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #563d1f15288c39ed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:236
            args = [os.environ.get("SHELL", os.path.realpath("/bin/sh"))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1944d6142cdb12 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:263
            with open(os.path.join(tmpdir.name, '.zshrc'), 'w') as zshrc: # pylint: disable=unspecified-encoding

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30eb2601267cc864 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:68
    m.update(open(fname, 'rb').read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7575f5ab300897ba Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:69
    with open(hashname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62549df4920ebeda Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:96
            if 'GITLAB_CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2ea07a85a403192 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:261
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b6540494a485fc5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:294
            with lzma.open(xzname, 'wb') as xf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45144e0857fb7685 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:299
            with bz2.open(bz2name, 'wb') as bf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ee1f5d0f9edabf8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:304
            with gzip.open(gzname, 'wb') as zf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72bb52525f1aba46 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:324
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed46821de270b0c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:21
            data = importlib.resources.read_text( # [ignore encoding] it's on the next lines, Mr. Lint
                    ('mesonbuild' / self.path.parent).as_posix().replace('/', '.'),
                    self.path.name,
                    encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc260cb17e0c713 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:25
            path.write_text(data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e0f937c89163e7c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:33
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06568d029f7d738d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:43
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c2f4618d8cadcc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:257
    if os.environ.get('MESON_SHOW_DEPRECATIONS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f5072b6cc35ddb7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:264
    if sys.version_info >= (3, 10) and os.environ.get('MESON_RUNNING_IN_PROJECT_TESTS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23ed49754d3390bd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:282
    if sys.platform == 'cygwin' and os.environ.get('MSYSTEM', '') not in ['MSYS', '']:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90515e763e883d2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:38
            self.read_string(f'[{self.default_section}]\n' + filename.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d4ffb1b42a7773 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:1089
                code = src_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dabee1a8bf80b40 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:545
            destdir = os.environ.get('DESTDIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311347ac00b41aab Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:551
            os.environ['DESTDIR'] = destdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e499aeef7ab2c3d1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:581
                os.environ.get('MESON_ROOT_CMD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02b452982b326d53 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:587
            if rootcmd is None and pkexec is not None and 'PKEXEC_UID' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11697878f6b9344f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:814
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2b2b4da4281ecd7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:816
            if os.environ.get('SUDO_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a103320735926a8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:825
            elif os.environ.get('DOAS_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8494ac0db8d98e51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:879
    with open(os.path.join(log_dir, 'install-log.txt'), 'w', encoding='utf-8') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f955d4ffc459e406 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:511
    with open(get_info_file(infodir, kind), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ee51a97a3ed3534 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:580
        with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #547e4059ab6c95ff Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:650
    with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8e96f0f7277f03 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:50
    return bool(kernel.SetConsoleMode(stdout, mode.value | 0x4) or os.environ.get('ANSICON'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ce8be11dea08a70 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:52
_in_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2afb7d0c32a5d26b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:53
_ci_is_github = 'GITHUB_ACTIONS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db4eb6662ebf0e18 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:128
        if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a13eaa6a81df40e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:129
            pager_cmd = shlex.split(os.environ['PAGER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cda0e8c5d0bd236 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:148
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ffb9152c46c93aa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:158
            if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e66e9ca6b4bba2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:174
        self.log_file = open(os.path.join(logdir, self._LOG_FNAME), 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af34383b0d5800ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:175
        self.slog_file = open(os.path.join(logdir, self._SLOG_FNAME), 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc303caa04aed9cf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:406
                _colorize_console = os.isatty(output.fileno()) and os.environ.get('TERM', 'dumb') != 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bece1e24d5360e2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:582
    elif 'MESON_FORCE_SHOW_LOGS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f0dde7a71b73cc0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:589
    with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b4e68c08cc4dd6d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/_qt.py:817
        with open(fileout_abs, 'w', encoding='utf-8') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c5e3f2ab9f92011 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:338
            with open(infile, encoding='utf-8') as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a214587d5860c594 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:352
        with open(outfile_tmp, "w", encoding='utf-8') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85b41e01fd9eee56 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:74
            with open(config_path, encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c857597f7242689 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:115
        with open(config_path, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba0d8844192372d3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:155
        self.run_env: EnvironOrDict = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfe69c3ab1696b3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:220
            output = open(logfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce091eb448a9c522 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/features/module.py:680
        with open(config_path, "w", encoding='utf-8') as cout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d43efb9d166b3b2a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:169
        with open(file, mode='rb', buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8201232db4453e6a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:268
            with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f465788d2aeafee4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:950
        with open(gir_filelist_filename, 'w', encoding='utf-8') as gir_filelist:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e1d34205ef8fc4c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:2212
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ac4766c95374fbe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/hotdoc.py:293
        with open(hotdoc_config_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a98f7639bb763e48 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/i18n.py:238
        rsp_file.write_text(source_list, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6949b0e53da8ddaf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/keyval.py:31
            with open(path_to_config, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e7fec3ec4c58bc4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/pkgconfig.py:555
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fce4789ae0226ec8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:431
        with open(pycompile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0604959d61e1ed91 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:442
                with open(os.path.join(self.interpreter.environment.get_scratch_dir(), manifest), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b535bce1299947cb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/snippets.py:100
        header_path.write_text(content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d06ab48bec8ef80 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mparser.py:113
        self.in_unit_test = 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7644a72f83d6fc9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:152
        with open(os.path.join(build_dir, '.gitignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5dfcc6dc4bfae7c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:154
        with open(os.path.join(build_dir, '.hgignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f5b1a86e6e0c24d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:324
                with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0ae2f9efb2d68d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:527
        self.file = open(filename, 'w', encoding='utf-8', errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30922e84db1312d2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:762
        inherit_env = env_tuple_to_str(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16fded6af85aeba2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:956
        with open(self.filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8a1c81714b2c22e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1057
        test_only_env = set(self.env.items()) - set(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcb96874e49bdf70 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1121
            with open(filename, 'r', encoding='utf8', errors='replace') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e40743d9c62277e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1794
        return current.env.get_env(os.environ.copy())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b490f36262baa9a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1802
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab486695f7567e7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2237
        with open(targets_file, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f37b9f583286b8df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2319
            if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb15d2b92e540e22 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/optinterpreter.py:83
            with open(option_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f37bb0e6795c330 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:185
        if 'USERPROFILE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f9ad6c63d58e703 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:196
        appstore_dir = Path(os.environ['USERPROFILE']) / 'AppData' / 'Local' / 'Microsoft' / 'WindowsApps'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b66323cc2a7f7fd8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:228
            with open(script, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6404f94d16ea196e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:332
        search_dirs = OrderedSet(self._windows_sanitize_path(os.environ.get('PATH', '')).split(';'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a676af8d7e64c85c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:354
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #348813fe43d78177 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1022
                with open(fpath, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c53fcac0815499e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1024
            with open(fpath, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbeed6cf94de96d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1075
            with open(val['path'], 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a07020c0456ce19 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1144
        with open(options.json, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae0be42b304b6248 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/clangformat.py:26
            original = fname.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ace06cd66bb9e421 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/cleantrees.py:30
    with open(args[0], 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4f13804902e066b2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:103
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_bat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f61f5c403756557 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:107
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_sh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3743df90557b6941 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:105
    with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #807f62affa73ef03 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:119
    with open(jsonfile, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #720b1b7e361f7f99 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:125
        with open(dep, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #24e05ea145ee7059 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:159
            self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #77698e6eef6f159a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:164
                self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cc70ce4afc348e93 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:523
    with open('META-INF/MANIFEST.MF', 'r+', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #02c521619a903845 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:72
        with open(pickle_file, 'rb') as pf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3b1415937fc87497 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:90
        for line in fpath.read_text(encoding='utf-8-sig', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8ff9a817395f1f09 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:134
        for line in fpath.read_text(encoding='utf-8-sig', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cc2293d5959055bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:199
        with open(self.outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5da1724c575fa8df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:100
    cppflags = shlex.split(os.environ.get('CPPFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6af7cbd427742c4a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:101
    cflags = shlex.split(os.environ.get('CFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #60c74c0d5ed14301 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:102
    cxxflags = shlex.split(os.environ.get('CXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #57123395b7ecb966 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:103
    objcflags = shlex.split(os.environ.get('OBJCFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #612dbac3fe16adc1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:104
    objcxxflags = shlex.split(os.environ.get('OBJCXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #abac41684f3ba72a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:105
    ldflags = shlex.split(os.environ.get('LDFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9bbf0d138f3bd21f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:278
    with open(tmpfilename, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #33ee87501d0d7ba8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:329
        compile_args = shlex.split(os.environ.get(compilers.CFLAGS_MAPPING[langname] + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4a84ae90ebd504b4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:331
        cppflags = tuple(shlex.split(os.environ.get('CPPFLAGS' + envvar_suffix, '')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f408947290325649 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:337
        lang_link_args += shlex.split(os.environ.get('LDFLAGS' + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #63c67c392693db13 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:345
            compilerstr = os.environ.get(envvarname + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ed5f53e149f1b89c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:365
            binstr = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3791a167b013901 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:371
    var = os.environ.get('PKG_CONFIG_LIBDIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5acafae59ff74804 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:374
    var = os.environ.get('PKG_CONFIG_SYSROOT_DIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fcb99cc6f2530207 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:523
            with open(pathlib.Path(self.options.outfile) / crossfile_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8d7633c93617b902 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:28
        with open(self.depfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7375a09b80e06578 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:39
        with open(self.stampfile, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a45ad35d393e2464 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:74
            output = open(logfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #315b19a9f1d7ce54 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:79
        run_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #829c8ab7099d1038 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:30
        with open(linguas, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #413ee89219914c74 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:48
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #19a3fee7f9a47004 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:52
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e7acaf8a32623569 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:270
    if 'MESON_INSTALL_PREFIX' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c6a832ca78c088b7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:271
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e7b5b29958ff4764 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:272
        install_prefix = destdir_join(destdir, os.environ['MESON_INSTALL_PREFIX'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ba189cb35bd9f93b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:23
    subenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #33e6545a694af585 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:35
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4d70e23a607e7709 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/itstool.py:64
    build_dir = os.environ.get('MESON_BUILD_ROOT', os.getcwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #53a26380cdc1a4d9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:31
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8e079f4d1092ae90 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:49
        stdin = open(exe.feed, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6e97377265ac4057 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:84
            with open(exe.capture, 'rb') as cur:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4a793f104e35e548 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:89
            with open(exe.capture, 'wb') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a240845dab5cb356 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:106
        with open(options.unpickle, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f831c6d8489c2a05 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/msgfmthelper.py:25
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a1d4287ffef68a5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pickle_env.py:6
    with open(args[0], "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1dd0c36627e9a664 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pickle_env.py:7
        pickle.dump(dict(os.environ), f)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6588c6f5e80cb148 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:12
quiet = int(os.environ.get('MESON_INSTALL_QUIET', 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #efd0302ff03387c9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:22
        fullpath = absf = os.environ['MESON_INSTALL_DESTDIR_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #01a76febe39dee9b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:23
        f = os.environ['MESON_INSTALL_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9e8a931fbe5add24 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:41
    with open(data_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4f39b97f8b5c6d06 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:41
    with open(dumpfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #37bed9712907928f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:44
    with open(coredata_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fa74c346c950bc2f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/reprotest.py:61
        os.environ['CCACHE_DISABLE'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11dd5a41c24747b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:136
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e0114ecae2983df5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:156
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #44347870ade5fab2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/rustdoc.py:57
                environ = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eb9a3fd09be10257 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:31
    with open(outfilename, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20c17c03df08ca84 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:36
        with open(outfilename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e26a7363022a4042 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:42
    with open(outfilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #96e0857d3ce7c3cf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:53
    with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a71d6015ef7a7902 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:58
    if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #150451c29cbb133d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:60
        return shlex.split(os.environ[evar])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4dcdd16d22f9878f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:118
    origpath = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0c9293be0ef34b65 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:120
        os.environ['PATH'] = '/usr/gnu/bin:' + origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #22f009ee3121ae5a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:123
        os.environ['PATH'] = origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5ba259d183e672d3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:228
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f10da8f1e1b2f71a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:333
            with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1c9bf6207b9b7ae4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/uninstall.py:14
    for line in open(log, encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #67bfcc75cfd2529b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:16
    with open(infile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d3c19d7dd831838 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:19
        with open(outfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d17b1972ad0aeda Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:24
        with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #80f51af9dd04ad86 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/yasm.py:21
    with open(options.depfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af6a8f8b51e90eb9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:96
            with open(self.source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca15af7700dae0b6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:100
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00b95f1cb7f9b16a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:128
            with open(self.source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8526f7179d1547ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:131
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4675637dcd2d6c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:134
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7b55d83e441151 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:148
            with open(self.source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #121812b43b8f5a2a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:151
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4f9a4d95aab1c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:188
            with open(self.source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b43066102e05592b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:191
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6de8edb37913c27 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:194
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c15b734d58e67f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:219
            with open(kwargs['header_file'], 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4a6d46ce834841 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/tooldetect.py:106
    env_ninja = os.environ.get('NINJA', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #015be79b5299893b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/tooldetect.py:193
    if 'SCANBUILD' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04fd1976e62686f8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/tooldetect.py:194
        exelist = split_args(os.environ['SCANBUILD'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0c2837404886ed7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/platform.py:49
                self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce28a28353838084 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/platform.py:98
                self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02a3f5dc78c19a66 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:247
    if 'MESON_COMMAND_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b80368fc332e4f1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:752
    arch = os.environ.get('PROCESSOR_ARCHITEW6432', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d38bbf2b1c9784e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:756
            arch = os.environ['PROCESSOR_ARCHITECTURE'].lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a42ed5825751dd76 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:836
    vsver = os.environ.get('VSCMD_VER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c053c5667fec723a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1124
        if varname in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55d103f54771c940 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1126
                num_workers = int(os.environ[varname])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a771252020139c50 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1543
        with open(src, encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #390b79e71f297597 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1551
        with open(dst_tmp, 'w', encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a063f20cb718b87 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1612
    with open(ofilename_tmp, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c4c75ec44680a13 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1627
        with open(dst, 'rb') as f1, open(dst_tmp, 'rb') as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d59b019ff51cd8db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1717
            with open(args_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0f6850f0fbde74f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2429
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93aeb9f1c283e035 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2490
    return int(os.environ.get('MESON_RSP_THRESHOLD', limit))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bf4595cf623a87c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:31
    if os.environ.get('OSTYPE') == 'cygwin':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e44c95c783abbc6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:33
    if 'MESON_FORCE_VSENV_FOR_UNITTEST' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54787f4d99cd8c5f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:36
        if 'VSINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a485e58949a5004 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:51
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77dc832f1236c5e4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:98
        with open(env_file.name, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94a75f03ff45c012 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:101
            os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76c607c2cb9f0969 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:172
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #953cfd9e8d36d862 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:285
        with open(filename, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9ee7889074aa34f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:344
            with open(self.get_hashfile(subproject_directory), 'w', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da1aa97ead03fc11 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:378
        self.cachedir = os.environ.get('MESON_PACKAGE_CACHE_DIR') or os.path.join(self.subdir_root, 'packagecache')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f453b373df63ee0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:539
                with open(main_fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #894195846c021243 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:730
            with open(hashfile, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a8200d331164112 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:861
        with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1453bc63e94c21f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wraptool.py:102
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ee32e1a3d682bcd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wraptool.py:207
    with open(os.path.join(subproject_dir_name, 'wrapdb.json'), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed171776a06c8e8c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:234
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #709f53de9874de92 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:237
        with open(self.main_xml) as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7b200f94f1a9feb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:240
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf6a491d095a0927 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createpkg.py:94
        with open(self.distribution_file, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #250345b74ee0e854 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:42
version_lines = pathlib.Path(relfile).read_text().split('\n')[:-1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f9b3e3734fa504 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:59
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c7a053c88b5363 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:62
    pathlib.Path(relfile).write_text('\n'.join(version_lines) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b7af0424d5728af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:40
        data = json.loads(cf_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11f4149932927db0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:43
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eae203eeb1efb53 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_format_tests.py:19
    lines = file.read_bytes().split(b'\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60324bc8a502cfcd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:62
        self.orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98952beb74ef39d9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:64
        os.environ['MESON_COMMAND_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a654dae3eeac8556 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:75
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b89781a32f000f6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:76
        os.environ.update(self.orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #307e1f8b8645df43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:133
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36fca79b30982c4f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:151
        os.environ['PYTHONPATH'] = os.path.join(str(pylibdir), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4e6d7fad7c0acca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:152
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9d3ae85d9bc326 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:163
            os.environ['PYTHONPATH'] = os.pathsep.join(PYTHONPATHS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca8b431c54fa9f67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:196
        wrapper.write_text('#!/bin/sh\n\nmeson.real "$@"', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3af4f8784b7fe7f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:219
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #539836565884c154 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:221
        with open(script_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2317ca2fb9824680 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_mypy.py:170
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46df36a45eb228a2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:278
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9acd0c4a033b29e3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:310
print_debug = 'MESON_PRINT_TEST_OUTPUT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae394dee71a58db3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:311
under_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dc2b48aa038e408 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:312
raw_ci_jobname = os.environ.get('MESON_CI_JOBNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56fe70e89d5b4409 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:826
            if skip_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3a13c300e8b2661 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:837
        test_def = json.loads(test_def_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37715a82fddee5ee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1042
    skip_cmake = ((os.environ.get('compiler') == 'msvc2015' and under_ci) or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97995c307f6c9b03 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1099
    with open(txtname, 'w', encoding='utf-8', errors='ignore') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b77a9b75c18988fe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1636
    if 'VSCMD_VER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a4251783c2018b7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1637
        print('VSCMD version', os.environ['VSCMD_VER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e140258d085836c0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:52
    NINJA_1_12_OR_NEWER = bool(int(os.environ['NINJA_1_12_OR_NEWER']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5534544846a0baa0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:53
    NINJA_CMD = [os.environ['NINJA']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9cd6cc86221ce72 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:63
    os.environ['NINJA_1_12_OR_NEWER'] = str(int(NINJA_1_12_OR_NEWER))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c17e6e230052a1e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:64
    os.environ['NINJA'] = NINJA_CMD[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fb0fc2101af02f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:72
os.environ['PYTHONWARNDEFAULTENCODING'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fd9873f5867e793 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:74
os.environ['MESON_RUNNING_IN_PROJECT_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fda8e5fb45f63cb3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:118
    if not os.environ.get('MKLROOT', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a19f02268b9d2925 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:120
    if (os.environ.get('CC') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35fd3c816d5bc6c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:121
            os.environ.get('CXX') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72af5d422e549fa4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:122
            os.environ.get('FC') == 'ifort'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91980bf5ee1cf44c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:131
                 'Please try using the Intel shell.'.format(os.environ.get('MKLROOT')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e210866211f527b1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:173
if 'MESON_EXE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d67105be14e9f69 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:174
    meson_exe = mesonlib.split_args(os.environ['MESON_EXE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91199caeb883ac3f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:233
            with open(f, encoding='utf-8') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffb666d13469185b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:301
    with mock.patch.dict(os.environ, env or {}), mock.patch.object(sys, 'stdout', stdout), mock.patch.object(sys, 'stderr', stderr):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b1997e70883d8a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:352
    if not mesonlib.is_windows() and not mesonlib.is_haiku() and 'CI' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5c7fcbcbfe8233a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:366
    if 'APPVEYOR' in os.environ and os.environ['arch'] == 'x86':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b9e3c3d541f9232 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:367
        os.environ.pop('platform')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e82a8657660ce6f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:370
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e38b9c70b58c10ab Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:69
    os.environ['MESON_UNIT_TEST_BACKEND'] = be

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #371ddeed38dfdba7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:113
        if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc12e235be3d150f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:13
    if is_pr_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bfe549d183fe218 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:16
    elif os.environ[is_pr_env] == 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4a52258c2c5775a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:22
    if base_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #818265479389e460 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:25
    return os.environ[base_env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8454db647b9b6568 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cmake/11 cmake_module_path/subprojects/cmMod/gen.py:1
with open('main.c', 'w') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7685a359871d78c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:12
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b77848e2b99be0b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:13
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ae09fd2c2a88256 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:15
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #858a010fd8909002 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:17
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92a01f0b0ce9c1e3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:8
with open(output, 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa48608424d23628 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:11
        with open(i) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcaad03e849ac44f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen-resx.py:8
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a5dbd8963119bc5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e6c8c42d3d65f41 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45678ec3e42fa218 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/109 custom target capture/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0de8890103f840c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/110 allgenerate/converter.py:8
open(ofile, 'w').write(open(ifile).read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9547b9964df5fcd7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/123 custom target directory install/docgen.py:14
    with open(os.path.join(out, name + '.html'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc80b36b7bcb6f4c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c279a6b52f6b138 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96d16404a76f94c8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/128 build by default targets in tests/write_file.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5611fee94de1ac1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:5
ifile = open(sys.argv[1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef0b13ccf125fe6f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:6
ofile = open(sys.argv[2], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcd83f2d086acf36 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_custom.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b25325a7842b8cc2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:4
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19085332aaabe7ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:6
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd5e4aa64b857917 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:12
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #433c4a5668961362 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:15
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d1e5aa009f50cd9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:8
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73ad252c4432fa6e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:10
if 'MESON_BUILD_ROOT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34b014f588c075e9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:13
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf6cd11f27da480 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:16
buildroot = os.environ['MESON_BUILD_ROOT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6f36403621fa186 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/file_contains.py:14
    with open(args.file[0], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b9943f24d01a5de Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0f7283f262eae5b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daef619202131ad7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #779f59e01646e46e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d224842f9287d1c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01257679cf06ceba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f67fa09aa37eb8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a6edc846b3592e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:13
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c790b077cc0f930d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/141 special characters/check_quoting.py:27
    with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ebdc4ce34c50ef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/144 link depends custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3e9cc8af517a871 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:30
    with open(args.header, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #662a184a15cc9693 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:33
    with open(args.code, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf242e6966b71fd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1f1caf0e37b41ff Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9f907c72884bc9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8baf190227737d3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:15
funname = open(ifile).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #034b77b39b5d22fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:17
open(ofile, 'w').write(templ % funname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cbd13a852cc7704 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:14
    with open(hname, 'w') as hfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee1b06048ae714ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:20
    with open(cname, 'w') as cfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2061e7232e3e2ade Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/178 bothlibraries/dummy.py:7
    Path(sys.argv[1]).write_text('Hello World\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc4822e6a0346c04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:6
with open(sys.argv[1]) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e56856f24874fa0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:9
with open(os.path.join(sys.argv[3]), 'w', errors='replace') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df8e13ce29404d24 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:13
d = pathlib.Path(ifilename).read_text().split('\n')[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #730699c175a5dfa3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:15
pathlib.Path(ofilename).write_text(ftempl % d)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0e6f4c178f5f4f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/186 test depends/gen.py:7
    with open(sys.argv[1], 'w') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f811724690864a5f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fd7a565dee4ddea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf73c84499feb6b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e91a70bf416e80ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/202 custom target build by default/docgen.py:11
    with open(os.path.join(out, name + '.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41ba7c9a6ee79eb3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/208 link custom/custom_stlib.py:73
    c_file.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b19a7d043cf71b64 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/209 link custom_i single from multiple/generate_conflicting_stlibs.py:70
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2540f8fca831bfed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/210 link custom_i multiple from multiple/generate_stlibs.py:72
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caefc891c72d1ffc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/check_object.py:16
    with open(sys.argv[2], 'wb') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97413a70366046e6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/libdir/gen.py:3
with open(sys.argv[1], 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ce5bc90399b7ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/22 object extraction/check-obj.py:12
    with open('compile_commands.json') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdc6ce96f54cb23b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/check_arch.py:12
with open(dummy_output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5217f364b47efa04 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cb0bf4d9ae44eb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:7
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba2b63add6c45c5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/227 very long command line/codegen.py:6
Path(sys.argv[2]).write_text(
    'int func{n}(void) {{ return {n}; }}'.format(n=sys.argv[1]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fad5363f2fe3ffd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:2
with open('x.c', 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9d946fb128b41b1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:4
with open('y', 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b7f089b11645ca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/242 custom target feed/my_compiler.py:13
    with open(sys.argv[1], 'w+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c16ce40da9322d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:5
assert(Path(sys.argv[1]).read_text() == 'stage1\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73fee56b0b1604a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:6
Path(sys.argv[2]).write_text('stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8455e78b85b91ee1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:5
assert(Path(sys.argv[1]).read_text() == 'stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #085a33123b13cfc3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:6
Path(sys.argv[2]).write_text('int main(void){}\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68da45f95a7275ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/269 configure file output format/compare.py:3
with open(sys.argv[1], 'r', encoding='utf-8') as f, open(sys.argv[2], 'r', encoding='utf-8') as g:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c341fa65cfce927 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:5
ENV_VAR_VALUE = os.environ.get('ENV_VAR_VALUE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee4e38c6b64b529a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:8
with open(sys.argv[1], 'r') as infile, \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baf4bf5fa8c162ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:9
     open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8a72bee5cea243e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/274 customtarget exe for test/generate.py:12
    with open(a, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ef4b2925b2e6333 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:9
if os.environ.get(key) == expected:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e5b234610b19d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:12
sys.exit(f'Expected {expected!r}, was {os.environ.get(key)!r}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fb555e498e7400c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/33 run program/check-env.py:5
assert os.environ['MY_PATH'] == os.pathsep.join(['0', '1', '2'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b662398180fa160b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:6
assert os.environ['MESONTESTING'] == 'picklerror'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f40d5507931037f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:7
assert os.environ['TEST_LIST_FLATTENING'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1b2d068ea601074 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #134b822ad5dbdf9a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:12
with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25a6b3de46454aea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:14
with open(depfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62a6178525244bdb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:11
    assert os.environ['MY_COMPILER_ENV'] == 'value'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30c45512ba4ed499 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:16
    with open(args[1].split('=', 1)[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4b617952645ef02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:21
    with open(args[2].split('=', 1)[1], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73b801c277a98846 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23ba5d2a9313c5f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e5833f7dd3c7df Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c572ac54b010c15d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0925a0dd612bdf2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:5
with open(sys.argv[1], 'rb') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b3177dabf8349ba Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:6
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fef24031589738dd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:6
assert 'MESON_SOURCE_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d416a427c50add1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:7
assert 'MESON_BUILD_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0ad300ba75dc8b3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:8
assert 'MESON_SUBDIR' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd840f35cda51026 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:9
assert 'MESONINTROSPECT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b96738d552303cc6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:10
assert 'MY_ENV' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bc5d85d5f22770d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:15
env_source_root = Path(os.environ['MESON_SOURCE_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e6e5f8f1714428 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:16
env_build_root = Path(os.environ['MESON_BUILD_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09b5c14e88eed67f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:17
env_current_source_dir = Path(env_source_root, os.environ['MESON_SUBDIR']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de43d080f0517b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/converter.py:5
with open(sys.argv[1], 'rb') as ifile, open(sys.argv[2], 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab01bd24423a50cd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/fakeburner.py:9
    with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de153c6798db2e05 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:12
    with open(os.path.join(args.dirname, '1.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17c6b24589d5c6c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:14
    with open(os.path.join(args.dirname, '2.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7b04aed15bcbb3f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:7
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #748e54b838441dcd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:8
dry_run = bool(os.environ.get('MESON_INSTALL_DRY_RUN'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4d3484cef52d8f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:30
                with open(os.path.join(dirname, name), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f17fd127abccdf3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53f207f5f364aafb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:13
with open(os.path.join(dirname, sys.argv[2] + '.in'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17c9ebe9be0274da Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:10
with open(os.path.join(odir, 'mylib.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd3b1a0cebb5ff61 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:12
with open(os.path.join(odir, 'mylib.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c108ba212ebf2638 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6f27419b7f8c9c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21465cde08a93009 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f07f7f5cff38f33 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:16
with open(outhdr, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c03ca9567a99529 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:18
with open(outsrc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7fffa8140f81752 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:13
    with open(infile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5622ed209e4e7c96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:16
        with open(outfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #471342569656cd85 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:22
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5f7c65fe58d30aa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:5
with open(sys.argv[1]) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e47fbf68e271de1a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:8
with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df4580f4599cfb43 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9bdd309d14a67f7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b8f667510cb208 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen2.py:9
with open(files[0]) as ifile, open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1b55324742b5c3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/8 install/gendir.py:8
open(fname, 'w').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec687b5cf864169f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:29
with open(cfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5074989760a9c14f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:31
with open(hfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ee2bd38f04c9ec9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/88 dep fallback/subprojects/boblib/genbob.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11b855270bdefbbc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:21
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4da9b89b73055f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:26
with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8da8dd6688e182dc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:17
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76b09d2879c34d9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:22
with open(output_c, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #306bd70ad1fc5125 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:31
with open(output_h, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55de9a7e7a38504d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen3.py:12
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea798357eb6837b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/92 test workdir/subdir/checker.py:5
data = open(sys.argv[1], 'rb').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42924fd809998c0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:10
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d6ee649376fbce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:43
with open(outc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3af87964dd48bd7a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:50
with open(outh, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d281c014a874813 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:57
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf77c74a85d60f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:68
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6fb2572aa6e0409 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:10
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #975be0ba63c27820 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:11
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75c9bdd2e172c3e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:13
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d20ed50541bb98c6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:15
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cc7845139939c9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #199e98ac8f3e3d46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/generator.py:11
with open(args.input) as i, open(args.output, 'w') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbac5486faec58b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/libdir/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5456cd4a7f8c0d82 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/39 custom target plainname many inputs/catfiles.py:6
with open(out, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49126fe17c8458cf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/39 custom target plainname many inputs/catfiles.py:8
        with open(infile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f5ec0bf8c247fa9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target outputs not matching install_dirs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e6f6a1c3fe905e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target outputs not matching install_dirs/generator.py:13
with open(os.path.join(odir, name + '.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23b5daa98555ec5b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target outputs not matching install_dirs/generator.py:15
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7e97d35dbc4c292 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/88 custom target install data/preproc.py:11
with open(outf, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10f1d043f7cd125 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/88 custom target install data/preproc.py:12
    with open(inf, 'rb') as i:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f83b69d7a21d1f8e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:16
    with open(args.actual, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #457722f8e3d45d3d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:18
    with open(args.expected, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea20b2902f632d10 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:36
    with open(args.input, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c91e3dc1f61ebc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:41
    with open(args.output, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbc4f80a491e08e0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/10 gtk-doc/include/generate-enums-docbook.py:52
        with open(sys.argv[1], 'w') as doc_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6aa544275425693 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/4 qt/subfolder/generator.py:5
    with open(sys.argv[1], "w") as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55a09df25b7110d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/6 gettext/data3/verify.py:12
with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #653b22cbf3543d79 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/osx/2 library versions/require_pkgconfig.py:6
if 'CI' in os.environ or shutil.which('pkg-config'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9d43ec391008904 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python/4 custom target depends extmodule/blaster.py:25
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #669ea4d39e264d50 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python3/4 custom target depends extmodule/blaster.py:26
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b0b0a3efb9a3479 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/11 generated main/gen.py:12
    with open(args.out, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10a4f8fcadbc1b50 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/19 structured sources/gen.py:12
    with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec1bf0441aa461d6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/2 testsetups/envcheck.py:5
assert 'PATH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #799643ae3ca5ea22 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5e7ef99982f2f8e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:16
with open(os.path.join(dirname, sys.argv[2]), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7acc8657068d2bcf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:10
source_root = pathlib.Path(os.environ['MESON_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49c7ffd8f907b5fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:14
contents = modfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f2ce9882cbbe381 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:16
modfile.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55baaf7cb5e7500d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:11
source_root = pathlib.Path(os.environ['MESON_PROJECT_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47bdb7bcfb0dfd19 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:12
mesonrewrite = shlex.split(os.environ['MESONREWRITE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18658fab95505155 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/45 native dep pkgconfig var/cross_pkgconfig.py:7
environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #289f10780e505b96 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:5
assert 'ENV_A' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8785f8410459dc12 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:6
assert 'ENV_B' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f988f9eaf4c8b950 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:7
assert 'ENV_C' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f89d9137175f32b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:9
print('ENV_A is', os.environ['ENV_A'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee1c1ca9510d7ef7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:10
print('ENV_B is', os.environ['ENV_B'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b24f42b096f08347 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:11
print('ENV_C is', os.environ['ENV_C'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #612db89879cad08d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/67 test env value/test.py:6
assert os.environ['TEST_VAR'] == sys.argv[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cc6c68b3a39ce15 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:15
    defined = 'MESON_EXE_WRAPPER' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9362e91de70ca998 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:18
        print(os.environ, file=sys.stderr)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42b17644b317638b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:5
assert os.environ['MESON_DEVENV'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff34aace34a7d49 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:6
assert os.environ['MESON_PROJECT_NAME'] == 'devenv'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ebfe00db4fd90d7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:7
assert os.environ['TEST_A'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03ab33a4b46ea56f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:8
assert os.environ['TEST_B'] == '0+1+2+3+4'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d015984a4f6eb70 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:9
assert os.environ['TEST_C'] == os.pathsep.join(['/prefix', '/suffix'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9c9644241a3871c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/94 custominc/easytogrepfor/genh.py:5
f = open(sys.argv[1], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c539d0af7bbff4ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1de83a3ddcb4d66 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/subdir/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12eb0e8b77cdea7f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/10 mixed sources/c/writec.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8996be43b3dd7582 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/8 generated sources/src/write_wrapper.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ed50250d35abc23 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/10 vs module defs generated custom target/subdir/make_def.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07a9a508917108fe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/12 resources with custom targets/res/gen-res.py:5
with open(sys.argv[1]) as infile, open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88cf6985143f4e34 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/14 resources with custom target depend_files/ico/gen-ico.py:5
with open(sys.argv[1], 'rb') as infile, open(sys.argv[2], 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a68a0e6a88044945 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/16 gui app/gui_app_tester.py:8
    if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d5e362accc8d516b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/ac_converter.py:362
with open(sys.argv[1], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f911e53b2fa85e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:69
    raw = jamroot.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #06cd92ef0869090c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:82
    raw = jamfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #79aff183396cedfb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:176
    data = json.loads(meta_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8e63534c0883b92b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/build_website.py:30
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b62d0d77019ed529 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:46
    with open(sourcefile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #969affed157ef83d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:50
    with open(sourcefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b5aa5a906b93befd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:23
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3f0fe45f30fef78 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:121
            with open(output_dir / (cmd+'_'+typ+'.inc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #df2d3e155921f9aa Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:125
    url = urlopen('https://wrapdb.mesonbuild.com/v2/releases.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #a5a73fb9545c7637 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:127
    with open(output_dir / 'wrapdb-table.md', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c1562ecfa1610a4a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:160
        with open(output_dir/dummy_output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281c7d2a55a174b3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:12
        if v in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa4367ba3f601e2f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:13
            del os.environ[v]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #add722b71592ffcb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:16
    os.environ.setdefault('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d24b987d65d2a607 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:136
                with open(fin, 'wb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497b8fd2fd537715 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:140
                    with open(fout, 'rb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #635958ea43342658 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:258
                with open(os.path.join(self.builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08f0d08b20bb9252 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:262
                with open(os.path.join(cmake_builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a2bb0415381842c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:541
        text_log = Path(self.logdir, 'testlog.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18ca978447a32fc1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:543
        json_log = json.loads(Path(self.logdir, 'testlog.json').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f34a19b221b23ea5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:741
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9859fca295aa9c3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:760
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #947a3d8a0e50f0fe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:800
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d36cee7a8c3ddc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:805
        with open(os.path.join(self.logdir, 'testlog-valgrind.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f14858ca0a3fc981 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:825
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b7c27bfd7836f61 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:830
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2190d838647dd78d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:866
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #657bc93248a9d8c0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:871
        with open(os.path.join(self.logdir, 'testlog-mydefault.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33b0703bcae1a58c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:876
        with open(os.path.join(self.logdir, 'testlog-other.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #514adda9cb3b139f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:897
            with open(os.path.join(self.logdir, 'testlog.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3829eb4fc63fcbf6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1057
        if mesonbuild.envconfig.detect_msys2_arch() and ('MESON_RSP_THRESHOLD' in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c60775168d2286a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1122
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a1c8da0a49296ef Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1143
            if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #034ae1c0d4c95e0c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1156
                        evalue = os.environ.pop(evar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3608dea2dd39b9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1237
                    if 'arch' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d72c686b18098e9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1238
                        if os.environ['arch'] == 'x64':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e07fd26e66504d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1249
                os.environ[evar] = ' '.join(quote_arg(w) for w in wrappercc)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de531df7da2565e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1253
                os.environ['AR'] = ' '.join(quote_arg(w) for w in wrapperlinker)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #065f56d8583ad0cd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1268
                del os.environ['AR']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c2ecfa8507613d5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1344
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4196d16f0ea1866c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1573
            with open(os.path.join(project_dir, '.hg', 'hgrc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc1d0e7bf1d7bb7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1613
        with open(os.path.join(path, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b8767adb4fa4afa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1621
            with open(os.path.join(project_dir, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb9695bb4adc895d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1631
            with open(distexe_c, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06d3589113466a72 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1969
                with open(os.path.join(d, 'alexandria.pc'), 'w',
                          encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #135a44498431dc44 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2011
                with open(os.path.join(d, 'alexandriaConfig.cmake'), 'w',
                        encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f168a8c39c77fbad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2140
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8683c48cd545b166 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2148
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfce6d9cfb695d3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2172
            with open(os.path.join(self.privatedir, name), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52116efd4c8d9569 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2564
                    with open(os.path.join(tmpdir, 'foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cf309d760eec53e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2570
                    with open(os.path.join(tmpdir, 'Foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09848b035dfcf6c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2986
        with open(os.path.join(self.builddir, 'nosubst-nocopy1.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43076f6371fa19c3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2988
        with open(os.path.join(self.builddir, 'nosubst-nocopy2.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c8734e5af360bef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2995
                of = open(mfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16bce30d7c6eec88 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3215
                            with open(intro_installed_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77ef9480ef5498d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3223
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c294b08ce5797252 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3226
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2623b2f30bafd0de Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3251
        open(filename, 'w', encoding='utf-8').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58993bc9771a1cf7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3406
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e5d918c622b1772 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3407
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d598a46023778f6d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3408
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a5dc2c33ed6ec4f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3409
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6619f5f1b910304 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3413
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13357071437d7cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3414
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1dab93f4bed1fea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3415
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18078d12b9042708 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3416
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b6778b532dd44f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3419
            with open(includefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fba6ec4ac087db82 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3422
            self.assertEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #477f41b2a68d8763 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3423
                             Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb64ef86fcf7d9b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3465
        self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #052b58ab8b0fc5a9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3466
                            Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0f12c21fecefd88 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3471
        self.assertEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df519edefcad402b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3472
                         Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1480339ee91b2d1d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3523
        with open(os.path.join(infodir, 'intro-targets.json'), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e478d5e53f5d9a1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3657
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #895017636d79cc67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3795
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b54da61bf13f0ae6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3805
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f4ad3d9fa2a6c13 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3820
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #382c457a9e98a42a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3838
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff1e571fc380452 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3849
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd294e723722bc8e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4279
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b839fc7f434a72ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4296
        with open(doc_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4ce854b46532be7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4499
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04800aeae309ffe9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4516
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6912bcc32451121 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4553
        with open(machinefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3278a7bd1e07fdd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4582
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f21657dd37e272d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4591
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e613446c6375e8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4600
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #068bee24dd27d150 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4609
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e5a7b82bf735e0f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4614
        with open(real_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2753abda2504b566 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4741
        o = Path(fname).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e2de04ff75f8e3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4800
        with mock.patch.dict(os.environ, {'CFLAGS': '-DCFLAG', 'LDFLAGS': '-flto'}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a26f4c3741b3d41 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4991
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51e4da9ee2b760e6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5324
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00226df90db04d9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5332
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40f950fd2c87069e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5409
        olddata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82409666ba507512 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5414
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20dcdc1e2cdb1a31 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5423
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d056ee3e729c437d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5585
        with open(os.path.join(testdir, 'mod1.f90'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7afddd868984806 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5595
        with open(os.path.join(testdir, 'test.f90'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e30cfcafdcb81fe7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:72
        cls.backend_name = os.environ.get('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #987de8174af538b7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:107
        cls.env_patch = mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cc4205d12d7dd8e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:110
        os.environ['COLUMNS'] = '80'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76f1a6bac7f36ceb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:111
        os.environ['PYTHONIOENCODING'] = 'utf8'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff3d652955f2707 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:120
        if (is_windows() or is_cygwin()) and not os.environ.get('MESON_FORCE_UNITTEST_IN_TMP', '0') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34a93888b53a66f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:160
        return open(log, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f621247bd909d7cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:186
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7914f1bb8188e9ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:290
            with mock.patch.dict(os.environ, override_envvars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ba8170d53aa64ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:341
            with open(os.path.join(self.builddir, 'compile_commands.json'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eac3800bb899ef2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:355
                with open(rsp, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14f84c1eb0b95773 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:188
            with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41b986e960690612 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:328
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0da3374b6d4c8e24 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:346
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaddcb1d01369860 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:360
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5460d92751ad8e1e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:397
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7d267656174f9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:414
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b018983c2c1df04c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:438
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a185e6a0c63725ef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:454
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41abed2fbe6a0e44 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:494
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34ea756e4e909e8c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:512
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd6056dac9402709 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:546
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e478bb3a08c87486 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:566
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e71b509161041c51 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:59
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c4126f2e5d596db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:70
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74b3b29713809b66 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:71
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #485a5b51eac8daf4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:105
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #282ca29d0fdb3070 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:176
        with open("docs/markdown/Reference-tables.md", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26a6de88a6bb44ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:192
        with open("docs/sitemap.txt", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbee8470d0b8a8f2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:206
        with open("docs/theme/extra/templates/navbar_links.html", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #002e5a589bc32300 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:218
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2de5bb22890eff7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:228
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f28888946b7647e8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:231
        with open('data/syntax-highlighting/vim/syntax/meson.vim', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #357480e00b539651 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:236
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #081e3d201b73f93d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:246
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db40c6a28164e15e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:93
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b095b7ca66bfe31 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:102
            with open(self.moptions, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f12c52bcd156f95 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:119
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58780fe1398dc27 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/featurestests.py:85
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5495f4f98901b9a7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/featurestests.py:96
        os.environ.pop('MESON_RUNNING_IN_PROJECT_TESTS', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7d56fe2c7fc216b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:34
IS_CI = os.environ.get('MESON_CI_JOBNAME', 'thirdparty') != 'thirdparty'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #852bab880d9dbf8a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:211
            if not IS_CI and key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60fcba9e1979a65f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:213
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aea02c8e08237142 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:214
                os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6df71015245f414 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:301
    if os.environ.get('MESON_CI_JOBNAME') == name:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82ad4e321781f57b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:727
            script_path.write_text('import sys\nprint(sys.argv[1])\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf941c590d46fa02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1081
        with open('data/test.schema.json', 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fe7edc288f72e9e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1092
                schema_validator(json.loads(p.read_text(encoding='utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b5c63d4bb39bb77 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:42
PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #997c225655613e77 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:58
    pkgconf = os.environ.get('PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ad61f7291e2f0ed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:156
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aebcf324235fafb8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:168
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #296728cb027ccce2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:224
        with open(os.path.join(privatedir2, 'dependency-test.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43a435d399eefa9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:255
        with open(os.path.join(privatedir1, 'simple2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a26ff8df5ab42768 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:260
        with open(os.path.join(privatedir1, 'simple3.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b25aa258eb05434 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:264
        with open(os.path.join(privatedir1, 'simple5.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41fbf8039701411f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:268
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d5f10a3abb9d89 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:274
        os.environ['PKG_CONFIG_LIBDIR'] = os.path.join(self.builddir, 'meson-uninstalled')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5def75cf5c641da Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:276
            os.environ['PATH'] += os.pathsep + self.builddir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e9dd08d65330c27 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:287
        with open(os.path.join(self.privatedir, 'somename.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f06b83196ed0ffd8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:824
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aad1e09d98407c08 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:849
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb660c04d67da35c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1132
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adfe2e23258ea9f2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1143
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02a95dc4a08168cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1272
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab0e461dc3d0c4c7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1287
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c78a86829d234231 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1300
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1857b6668d9c996 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1312
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb9c1d440b26ff23 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1331
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7a2b9be7f383414 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1344
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c080d5a20c9cf9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1430
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc8b7070a259e4a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1495
                os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54bac8de5a44a0ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1545
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #347f3bd141186647 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1554
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b414cef2c174601 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1653
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6cbbac2b3374cea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1704
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2aa0155df1c888f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1728
        with open(wrap_filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5bea94262d642bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1756
            with open(os.path.join(d, 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da86aa7e954566b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1767
        with open(os.path.join(self.privatedir, 'bar1.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60849aeb914451b0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1770
        with open(os.path.join(self.privatedir, 'bar2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b412db9e82f8384 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1888
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3aac26936b9c7cd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:80
                home = PurePath(os.environ['HOME'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea5ca7117b65851c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:84
                if 'USER' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f8fb70e532955b3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:86
                home = PurePath('C:\\', 'Users', os.environ['USER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09255c96aa6b9723 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:112
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #737c59c6892a74b1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:134
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea25b8de5f007052 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:172
        with open(batfile, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8683b74d4546ca9d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:206
                with open(fifo, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #232fcafa1ee83b68 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:793
    @skipIf('MESON_EXE' in os.environ, 'MESON_EXE is defined, cannot use mocking.')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2588d750e99dee30 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:808
                with mock.patch.dict(os.environ, {'XDG_DATA_HOME': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94b30aa39618eb56 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:813
                with mock.patch.dict(os.environ, {'XDG_DATA_DIRS': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #584eb6d8cdd91cad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:814
                    os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f4f465d24e1a1e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:829
                with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c1ad3153381e850 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:830
                    os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ddad1506b08772f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:843
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a5cddb8f66deff Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:943
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3c0992cf3fbfb30 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:104
                with open(os.path.join(self.builddir, 'meson-info', 'intro-targets.json'), 'r', encoding='utf-8') as tgt_intro:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d211c7959a91f544 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:141
            with urllib.request.urlopen('https://wrapdb.mesonbuild.com') as p:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d282f0e7277c5ee8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:174
        with open(os.path.join(testdir, 'test.json'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e69d97fca4312bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:295
        with open(os.path.join(self.builddir, 'meson-logs', 'profile-startup-modules.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33bd455c2a2394bf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:298
        with open(os.path.join(testdir, 'expected_mods.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cf8e0a43b8803e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:387
        with open(editorconfig, 'w', encoding='utf-8') as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bc3f9d134521ef9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:453
        with open(os.path.join(testdir, 'meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18693057234e059b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:462
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2decf264da4bd950 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:464
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be22428cb9132de7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:487
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0f2aa958b8119b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:489
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #529a130b502d56ed Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:502
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e124ef009aea13dc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:504
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9990fa316be11905 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:527
        with open(os.path.join(testdir, 'meson.options'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973957aee64ba99a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:536
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ff445355ca0bcfa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:545
        with open(os.path.join(testdir, 'subprojects/subproject/meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e8f33c0614ec69 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:600
            Path(d, 'bar.c').write_text('int main() {}', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a47b32c152be456 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:605
            meson_build = Path(d, 'meson.build').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8e598c41b98f65a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:612
            Path(d, 'bar.c').write_text('int bar() {}', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #610cca4a0b0b7440 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:613
            Path(d, 'foo.c').write_text('int main() {}', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #496c0421b6a0eddb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:617
            meson_build = Path(d, 'meson.build').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aefd563db2184b91 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:624
            Path(d, 'bar.c').write_text('int main() {}', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c476ce67bfea9c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:629
            meson_build = Path(d, 'meson.build').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3eface467a16363 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:640
            meson_build = Path(d, 'meson.build').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff766dcc0dd36a70 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/pythontests.py:45
            mesonfile.write_text('''project('test', 'c', version: '1')
pymod = import('python')
python = pymod.find_installation('python3', required: true)
''', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba8270242bc1617e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:485
        original_contents = meson_build_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #478e5c1d0d7ee233 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:531
        expected = Path(test_path / "expected_dag.txt").read_text(encoding='utf-8').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82674cb8f96869b3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:35
        with open(str(path / 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407e00d32d2e37c3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:97
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8c73988c78dfda3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:112
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #873031b4f734f85c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:260
        with open(str((self.subprojects_dir / 'redirect').with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9c20e58aaedead6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:49
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca690a6f3fa4c90a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:78
        os.environ['PATH'] += os.pathsep + testdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f462ec75aa598db Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:80
        if '.PY' in [ext.upper() for ext in os.environ['PATHEXT'].split(';')]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1177988f4eb9c26 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:104
        path = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1794f573e53993d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:106
            username = os.environ['USERNAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b85be8f19c07334f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:240
            current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9980e14c9a2a6854 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:296
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93ba75c140e3e10b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:382
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7030547a418bf06d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:441
        if 'VSCMD_VER' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #573e0d9e7e0d6ef8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:443
        if version_compare(os.environ['VSCMD_VER'], '<16.10.0'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f66d285ffa46089f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:466
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
expand_more 59 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #beb2ed4bf67f77b1 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #461b73480e47cfa5 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2a0bbfcb10aaf9e0 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b89126cfc45cfe70 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #04e0ac3656372e65 Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #857360508dbb5646 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:144
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed973a41c478967a Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:146
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #697a28b958ad5637 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:148
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29cbd15349e41007 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:150
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #becff33a026bac7c Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:283
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b7c005a8f4a882 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:287
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52b986d378c71a83 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:292
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2cc44173d77aab Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:308
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3d95e106b14856d Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:311
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77d65f37aab246a4 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:314
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3db23f2761b1eaa1 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:324
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47741b0826b28c8b Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:324
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9b3516bbfd4db30c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/_base_client.py:308
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e510dd967c08ee29 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:137
            api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d63443793e2106cb Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:150
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4fd619e89349d16 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:154
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89f205071d02f79 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:158
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24778fa5782730b Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:164
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3c037c0f7ec6c81 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:512
            api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d43bf2fe80981804 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:525
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1c28da26158677b Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:529
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9df7360d0403d553 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:533
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c8972d26357f631 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:539
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a002b7a1ce1c7f9 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8db9df29ce15dea Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dad2461b123612c4 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #745f188386452094 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b7c5d2bac1ab483 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8725497a13580399 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b2fd4f556c3ffc Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:119
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94d40f409b38bee8 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0445d463c19dcd3 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b9df5b953843956 Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #095d9bd81562b431 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a988d73b49371b5 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929ede4002bab5ad Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:371
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4a64259543abb11 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:67
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c215052733d316d Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:90
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b7b74aaaa660112 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/files.py:55
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2de624d3af30ca1 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:103
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e57306ced8eb5d4c Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:119
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad642f7eae2d89f5 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:125
            with open(args.mask, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e542a1ce01efe944 Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:68
    xdg = os.environ.get("XDG_CACHE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96bec3c32acb781e Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:76
    if not os.environ.get("DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0232c8280c52bea2 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:121
        with open(temp_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d137bf91568bf6a6 Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ea3a2c4759fcb2 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:193
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e5a5e2132317dbd Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:196
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d41a30058ada97e Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:204
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6baa6e34a282fa40 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:218
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94fe84230cbd38a4 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:474
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58e8e950c7a7f85 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:477
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2312aeb49912526 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:485
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de27e8b78ba00f6b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:499
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

orjson

python dependency
expand_more 40 low-confidence finding(s)
low env_fs dependency Excluded from app score #3c73d3d321d3f634 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:118
data = json.load(open("../encoding/encodings.json", "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #940b6f047415d389 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:120
indexes = json.load(open("../encoding/indexes.json", "r"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a94d6f8ae37fcc7d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:366
  partially_generated_file = open(path, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8229e2730a498754 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:387
label_file = open("src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa7ae40f8ccc84a Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:405
  docfile = open("doc/%s.txt" % name, "r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #016a3b17183aae19 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:457
label_test_file = open("src/test_labels_names.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b34fe397a58df93 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:484
data_file = open("src/data.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e284e8aad2192921 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1173
variant_file = open("src/variant.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2b62649daf727dd Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1417
ffi_file = open("../encoding_c/src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8fe70cbf5cb9ac Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1440
single_byte_file = open("src/single_byte.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cec9b1f9e01f28e0 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1494
static_file = open("../encoding_c/include/encoding_rs_statics.h", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65b1b6572f865864 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1560
utf_8_file = open("src/utf_8.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb1ef714ab0f9d9f Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1623
jis0208_in_file = open("src/test_data/jis0208_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dd76b5b18da593e Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1632
jis0208_in_ref_file = open("src/test_data/jis0208_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #262be7ea2f44f4ce Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1642
jis0208_out_file = open("src/test_data/jis0208_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407b2773a96e17cb Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1643
jis0208_out_ref_file = open("src/test_data/jis0208_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35cd529a6fec8793 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1660
shift_jis_in_file = open("src/test_data/shift_jis_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216d7521bafbe31d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1669
shift_jis_in_ref_file = open("src/test_data/shift_jis_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85dd150f1ae72945 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1684
shift_jis_out_file = open("src/test_data/shift_jis_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1a52404a55804c1 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1685
shift_jis_out_ref_file = open("src/test_data/shift_jis_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0342a5c0d6fe983a Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1713
iso_2022_jp_in_file = open("src/test_data/iso_2022_jp_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21515bb2c7d08813 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1722
iso_2022_jp_in_ref_file = open("src/test_data/iso_2022_jp_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca44e99b2707061 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1732
iso_2022_jp_out_file = open("src/test_data/iso_2022_jp_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f57781719a59401f Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1733
iso_2022_jp_out_ref_file = open("src/test_data/iso_2022_jp_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #562de56243405796 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1761
euc_kr_in_file = open("src/test_data/euc_kr_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #100ebb38d0a40c54 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1770
euc_kr_in_ref_file = open("src/test_data/euc_kr_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf93b24be0669718 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1785
euc_kr_out_file = open("src/test_data/euc_kr_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d65f3aa8da4bd08 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1786
euc_kr_out_ref_file = open("src/test_data/euc_kr_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d562e4699e717a21 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1802
gb18030_in_file = open("src/test_data/gb18030_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7353495b5e432acb Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1811
gb18030_in_ref_file = open("src/test_data/gb18030_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6f9b99c626e2eb8 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1826
gb18030_out_file = open("src/test_data/gb18030_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aff0768b312cec11 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1827
gb18030_out_ref_file = open("src/test_data/gb18030_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed06249328badb5d Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1845
big5_in_file = open("src/test_data/big5_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf54aab031453fb4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1861
big5_in_ref_file = open("src/test_data/big5_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f105d7d93b6905f Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1898
big5_out_file = open("src/test_data/big5_out.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93b4593e26ca6d33 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1899
big5_out_ref_file = open("src/test_data/big5_out_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19d6ebb571baf025 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1921
jis0212_in_file = open("src/test_data/jis0212_in.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2e79d5846235ae5 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1930
jis0212_in_ref_file = open("src/test_data/jis0212_in_ref.txt", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #289d8285789263f4 Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1942
codepage_file = open("../codepage/src/lib.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7c7f012c409589e Filesystem access.
pkgs/python/[email protected]/include/cargo/encoding_rs-0.8.35/generate-encoding-data.py:1974
codepage_test_file = open("../codepage/src/tests.rs", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

packaging

python dependency
expand_more 3 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #dfc139d98b930f90 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
with open(os.path.join(_BASE_DIR, "src", "packaging", "__init__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07e3c21e66c42d2d Filesystem access.
pkgs/python/[email protected]/src/packaging/_manylinux.py:34
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a00e027d87f1899 Filesystem access.
pkgs/python/[email protected]/src/packaging/_musllinux.py:46
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pathspec

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #08acc346c7c321f8 Filesystem access.
pkgs/python/[email protected]/benchmarks/conftest.py:29
		__line for __line in cpython_gi_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #195c12ab9400560c Filesystem access.
pkgs/python/[email protected]/benchmarks/conftest.py:137
	return flit_gi_file.read_text().splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #51de835f847a03b3 Filesystem access.
pkgs/python/[email protected]/benchmarks/gen_md_tables.py:17
	run_info = json.loads(in_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #260c8433ebc13f50 Filesystem access.
pkgs/python/[email protected]/prebuild.py:39
	output.append(CHANGES_1_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33981a2320e62845 Filesystem access.
pkgs/python/[email protected]/prebuild.py:43
	output.append(CHANGES_0_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2c7d35bfbbceb66 Filesystem access.
pkgs/python/[email protected]/prebuild.py:46
	CHANGES_RST.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f2116b9cb73947 Filesystem access.
pkgs/python/[email protected]/prebuild.py:58
	output = PYPROJECT_IN_TOML.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41688a6bddef7bea Filesystem access.
pkgs/python/[email protected]/prebuild.py:61
	version_input = VERSION_PY.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2817ff1d2f4e501b Filesystem access.
pkgs/python/[email protected]/prebuild.py:70
	PYPROJECT_TOML.write_text(output)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d2af472696ac53a Filesystem access.
pkgs/python/[email protected]/prebuild.py:80
	output.append(README_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6deee9631138883 Filesystem access.
pkgs/python/[email protected]/prebuild.py:87
	output.append(CHANGES_1_IN_RST.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b71178a4c1d16a3d Filesystem access.
pkgs/python/[email protected]/prebuild.py:90
	README_DIST_RST.write_text("".join(output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efec176896d6c093 Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:36
	version_input = VERSION_PY.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c91a5e2b5c98be8f Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:46
	output = PYPROJECT_TOML.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9030df0ce1d501 Filesystem access.
pkgs/python/[email protected]/testpypi_prepublish.py:54
	PYPROJECT_TOML.write_text(output)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pexpect

python dependency
expand_more 15 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #f79d6b606a55b0ba Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:52
            fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #11f254d672f9e3c0 Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:78
            fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a6918dfe83ae05b1 Filesystem access.
pkgs/python/[email protected]/examples/chess2.py:127
    fout = open ('moves.log', 'a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #253d32485b8b9ab4 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:48
        fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #63beaca4bfe27c0a Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:61
        fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4aa4f66d36f0f9f4 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:109
fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f58bf73f2394da57 Filesystem access.
pkgs/python/[email protected]/examples/chess3.py:118
fout = open ('log','a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2ab178ac690af10f Environment-variable access.
pkgs/python/[email protected]/examples/hive.py:111
histfile = os.path.join(os.environ["HOME"], ".hive_history")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d884b4bc29022259 Filesystem access.
pkgs/python/[email protected]/examples/script.py:76
        fout = open(script_filename, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #81357ae5f57f9c9f Filesystem access.
pkgs/python/[email protected]/examples/script.py:78
        fout = open(script_filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7c20d07d5adbdf64 Environment-variable access.
pkgs/python/[email protected]/examples/terminal_emulation.py:63
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40661a46fd309bea Filesystem access.
pkgs/python/[email protected]/pexpect/ANSI.py:178
    fout = open ('log', 'a')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3194de26a9779780 Filesystem access.
pkgs/python/[email protected]/pexpect/pxssh.py:366
            with open(ssh_config, 'rt') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e86ccc93f86314f7 Environment-variable access.
pkgs/python/[email protected]/pexpect/utils.py:57
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af538799966bad3a Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open(os.path.join(os.path.dirname(__file__), 'pexpect', '__init__.py'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prompt-toolkit

python dependency
expand_more 20 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #b4dbe564bc47bfa8 Filesystem access.
pkgs/python/[email protected]/examples/full-screen/pager.py:23
with open(_pager_py_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #14af80cc329acd44 Filesystem access.
pkgs/python/[email protected]/examples/full-screen/text-editor.py:184
                with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2b3ca75ae7ccaaa Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1560
        with open(filename, "w", encoding="utf-8") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97f437573233887 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1595
                    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3171b2b9c49a1ff7 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1623
        visual = os.environ.get("VISUAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5a60b1cf191e6f5 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/buffer.py:1624
        editor = os.environ.get("EDITOR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c2dc3e9a5472f93 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/completion/filesystem.py:115
            get_paths=lambda: os.environ.get("PATH", "").split(os.pathsep),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8483aeafca36366 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/history.py:282
            with open(self.filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d54c57933e717342 Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/history.py:299
        with open(self.filename, "ab") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b83831a6732b5da Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:47
        if os.environ.get("NO_COLOR"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #657b4476ae8a7b4b Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:52
        if os.environ.get("PROMPT_TOOLKIT_COLOR_DEPTH") in all_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e42ede1594885233 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/color_depth.py:53
            return cls(os.environ["PROMPT_TOOLKIT_COLOR_DEPTH"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56666a32f1979743 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/vt100.py:722
        if os.environ.get("PROMPT_TOOLKIT_NO_CPR", "") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2ecf89364233cd8 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:72
        xterm = "xterm" in os.environ.get("TERM", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #006ddf9c517f722f Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:80
                "that is compiled for Cygwin.".format(os.environ["TERM"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64b308105f39e21b Filesystem access.
pkgs/python/[email protected]/src/prompt_toolkit/output/win32.py:119
            self.LOG = open(_DEBUG_RENDER_OUTPUT_FILENAME, "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7526e7f6e1c3535c Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:210
    return sys.platform == "win32" and os.environ.get("ConEmuANSI", "OFF") == "ON"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40b5ee697519c0c1 Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:224
    value = os.environ.get("PROMPT_TOOLKIT_BELL", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e349555fcc92a9da Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:230
    return os.environ.get("TERM", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd42c613ec652aad Environment-variable access.
pkgs/python/[email protected]/src/prompt_toolkit/utils.py:325
        return is_dumb_terminal(os.environ.get("TERM", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

propcache

python dependency
expand_more 11 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #a546790b7f14a1f7 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:35
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ebfda164ad3ff651 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:36
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ac9935c5d0c3715 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_backend.py:104
        (os.environ, env_var_name, KeyError),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #762b1b50a8910852 Filesystem access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:77
    config_toml_txt = (Path.cwd().resolve() / 'pyproject.toml').read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #131700bcda8558ac Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:114
    orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a4e8b8fbf40d9a Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:116
    os.environ.update(expanded_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abca86557746b998 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:119
        os.environ['CFLAGS'] = ' '.join((

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b669ef5187ceda3 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:120
            os.getenv('CFLAGS', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35110aa149085a2d Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:126
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ee6b1f4fc80818b Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:127
        os.environ.update(orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc52793860a431be Environment-variable access.
pkgs/python/[email protected]/src/propcache/_helpers.py:8
NO_EXTENSIONS = bool(os.environ.get("PROPCACHE_NO_EXTENSIONS"))  # type: bool

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psutil

python dependency
expand_more 27 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #36c7c4b0d6797cf1 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:39
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1991e98109c8db3 Environment-variable access.
pkgs/python/[email protected]/psutil/_common.py:34
PSUTIL_DEBUG = bool(os.getenv('PSUTIL_DEBUG'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #758acbc0383f2ed0 Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:682
    return open(fname, "rb", buffering=FILE_READ_BUFFER_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a165cba74af1c313 Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:692
    fobj = open(  # noqa: SIM115
        fname,
        buffering=FILE_READ_BUFFER_SIZE,
        encoding=ENCODING,
        errors=ENCODING_ERRS,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5619c1dac4723ce8 Environment-variable access.
pkgs/python/[email protected]/psutil/_psaix.py:375
        for path in os.environ["PATH"].split(":"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b23bbc517ebf2b2 Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:142
        with open('/proc/meminfo', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #145aab395775703c Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:276
        with open('/proc/stat', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #920f6eac6636f724 Environment-variable access.
pkgs/python/[email protected]/psutil/_pssunos.py:119
            f"PATH=/usr/sbin:/sbin:{os.environ['PATH']}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2c93123b85d0b277 Filesystem access.
pkgs/python/[email protected]/scripts/internal/convert_readme.py:33
    with open(args.file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #099c6be0d70ed6bd Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:64
    with open(OUTFILE, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a35a469a0d7d2aea Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:87
        with open(os.path.expanduser(args.tokenfile)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1019ee3ba183ea42 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:98
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #138681ab88c6c74a Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:113
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #670c90c4625c7a5b Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:134
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6cfe86cd69f01221 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:164
    with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5a677e062cfcf5a6 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:178
        with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ea8dced82c24e484 Filesystem access.
pkgs/python/[email protected]/scripts/internal/git_pre_commit.py:156
    with open("MANIFEST.in", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #56ca84dedbd6afed Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/install_pip.py:34
        req = urlopen(URL, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #c9a85e511a58f499 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_announce.py:81
    with open(HISTORY) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #700a3d177025c3cd Environment-variable access.
pkgs/python/[email protected]/scripts/internal/print_downloads.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #be2bbbe3bc4c9eba Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_hashes.py:18
    with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4deed166eae30794 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:56
                with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fbde5c8b7aa98269 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:64
                    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5e21586858a5077 Environment-variable access.
pkgs/python/[email protected]/setup.py:46
        if "CIBUILDWHEEL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6615feb99bbbd56 Filesystem access.
pkgs/python/[email protected]/setup.py:142
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55078390f0e97ae6 Environment-variable access.
pkgs/python/[email protected]/setup.py:258
        if os.getenv('CC'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41c5fbcf1bb4573d Environment-variable access.
pkgs/python/[email protected]/setup.py:259
            compiler.set_executable('compiler_so', os.getenv('CC'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ptyprocess

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #7f2fcc8b45317e12 Filesystem access.
pkgs/python/[email protected]/ptyprocess/ptyprocess.py:160
        readf = io.open(fd, 'rb', buffering=0)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70689aed1451f72b Filesystem access.
pkgs/python/[email protected]/ptyprocess/ptyprocess.py:161
        writef = io.open(fd, 'wb', buffering=0, closefd=False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e49f23220f1b62 Environment-variable access.
pkgs/python/[email protected]/ptyprocess/util.py:33
            path = os.environ.get("PATH", os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa86de3c59326943 Environment-variable access.
pkgs/python/[email protected]/ptyprocess/util.py:44
            pathext = os.environ.get("PATHEXT", "").split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pycodestyle

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b84e8451fe84408e Environment-variable access.
pkgs/python/[email protected]/pycodestyle.py:80
            os.getenv('XDG_CONFIG_HOME') or os.path.expanduser('~/.config'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4e7a3371dcbc87c Filesystem access.
pkgs/python/[email protected]/pycodestyle.py:1751
        with open(filename, encoding='latin-1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pycparser

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #7c8be241f79ea6ec Filesystem access.
pkgs/python/[email protected]/examples/serialize_ast.py:33
    with open(dump_filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9a67202502360c Filesystem access.
pkgs/python/[email protected]/pycparser/__init__.py:94
        with io.open(filename, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83c9388e73161a6e Filesystem access.
pkgs/python/[email protected]/pycparser/_ast_gen.py:46
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74ee9a1f9978d250 Filesystem access.
pkgs/python/[email protected]/pycparser/_ast_gen.py:354
    with open(out_path, "w") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #825f85321499fb90 Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2291fa8feaf914d7 Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:337
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04a0331c9072c048 Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1373
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b0a30bd668ace0a Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8869558891e93a68 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ce26e5eddcf1629 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c43b19aca76af37 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2618ac29d6fe99 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50cb9020ce7143b2 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydub

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #c4e3eae4fccc209f Filesystem access.
pkgs/python/[email protected]/pydub/audio_segment.py:571
            file = open(orig_file, buffering=2 ** 13 - 1, mode='rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2cee1557f941507 Filesystem access.
pkgs/python/[email protected]/pydub/audio_segment.py:615
        with open(os.devnull, 'rb') as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a290dfbceb730b17 Filesystem access.
pkgs/python/[email protected]/pydub/audio_segment.py:962
        with open(os.devnull, 'rb') as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6e8097277bcc12 Filesystem access.
pkgs/python/[email protected]/pydub/utils.py:60
        fd = open(fd, mode=mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #966312a4bdc93fd1 Filesystem access.
pkgs/python/[email protected]/pydub/utils.py:65
            fd = open(fd, mode=mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853014793e9309d4 Environment-variable access.
pkgs/python/[email protected]/pydub/utils.py:152
    envdir_list = [os.curdir] + os.environ["PATH"].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyflakes

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #b0be39bad3503241 Filesystem access.
pkgs/python/[email protected]/pyflakes/api.py:66
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e5c04069c986b1f Filesystem access.
pkgs/python/[email protected]/pyflakes/api.py:86
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c371a2b8a0e4576 Environment-variable access.
pkgs/python/[email protected]/pyflakes/checker.py:730
    _customBuiltIns = os.environ.get('PYFLAKES_BUILTINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5b98b5c4d96d9f Environment-variable access.
pkgs/python/[email protected]/pyflakes/checker.py:736
                 withDoctest='PYFLAKES_DOCTEST' in os.environ, file_tokens=()):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35ebdf22610a1db2 Environment-variable access.
pkgs/python/[email protected]/pyflakes/checker.py:1033
        if os.environ.get('PYFLAKES_ERROR_UNKNOWN'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a506dddcb188dc23 Filesystem access.
pkgs/python/[email protected]/setup.py:21
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91f9c7157d7614f1 Filesystem access.
pkgs/python/[email protected]/setup.py:30
        with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pygments

python dependency
expand_more 45 low-confidence finding(s)
low env_fs dependency Excluded from app score #860ca43f0a348e64 Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:142
if os.environ.get('WEBSITE_BUILD'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8a979137e027ea Environment-variable access.
pkgs/python/[email protected]/doc/conf.py:236
    ctx['demo_active'] = bool(os.environ.get('WEBSITE_BUILD'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6a7a2f9e0560815 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:242
        with open('examples/example.py', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e107ad91f49c74e3 Filesystem access.
pkgs/python/[email protected]/doc/conf.py:280
        with open('../CHANGES', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6740aeb4f14caa76 Filesystem access.
pkgs/python/[email protected]/pygments/cmdline.py:351
            with open(infn, 'rb') as infp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f96dccc5351123d Filesystem access.
pkgs/python/[email protected]/pygments/cmdline.py:442
            outfile = open(outfn, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a7c5135634fe74 Environment-variable access.
pkgs/python/[email protected]/pygments/cmdline.py:448
            if os.environ.get('COLORTERM','') in ('truecolor', '24bit'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be6a85ab7176767c Environment-variable access.
pkgs/python/[email protected]/pygments/cmdline.py:450
            elif '256' in os.environ.get('TERM', ''):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b07f894f93c004ed Filesystem access.
pkgs/python/[email protected]/pygments/formatters/__init__.py:102
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5568b5fce6111f6e Filesystem access.
pkgs/python/[email protected]/pygments/formatters/html.py:643
                    with open(cssfilename, "w", encoding="utf-8") as cf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20404ff2cb1baabc Environment-variable access.
pkgs/python/[email protected]/pygments/formatters/img.py:131
        for font_dir in (os.path.join(os.getenv("HOME"), 'Library/Fonts/'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca7a5d8ddd3c6182 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/__init__.py:153
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28d2528c0e3a3f15 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_cocoa_builtins.py:41
                with open(headerFilePath, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #df014d35bc5feae7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/pygments/lexers/_lua_builtins.py:225
        f = urlopen('http://www.lua.org/manual/')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c189bbb566f94cd7 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_lua_builtins.py:252
        with open(filename, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b62ad28d29ee8b8 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_lua_builtins.py:259
        with open(filename, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #70888789b54d61c5 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/pygments/lexers/_mysql_builtins.py:1248
        lex_file = urlopen(LEX_URL).read().decode('utf8', errors='ignore')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #474d3c5fafc90d33 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/pygments/lexers/_mysql_builtins.py:1254
        item_create_file = urlopen(ITEM_CREATE_URL).read().decode('utf8', errors='ignore')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0467c5c9ae5e385b Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_mysql_builtins.py:1320
        with open(__file__, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9bff16f0e7287c Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_mysql_builtins.py:1332
        with open(__file__, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fadf068be09372a8 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_php_builtins.py:3270
            with open(file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9683f5d03c47eb6b Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_php_builtins.py:3306
        with open(filename, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d2a1173def8f25f Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_php_builtins.py:3312
        with open(filename, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b412469d5d550d23 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/pygments/lexers/_postgres_builtins.py:642
        content = urlopen(DATATYPES_URL).read().decode('utf-8', errors='ignore')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a03e8514d213e998 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/pygments/lexers/_postgres_builtins.py:647
        content = urlopen(KEYWORDS_URL).read().decode('utf-8', errors='ignore')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1c620d0744843acd Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_postgres_builtins.py:724
        with open(filename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd8df6ac72761444 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_postgres_builtins.py:736
        with open(filename, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62a78a88244de83d Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_scilab_builtins.py:3082
    with open(__file__, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04bd133d36d9248a Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_scilab_builtins.py:3088
    with open(__file__, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99f2ad0973a02807 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_sourcemod_builtins.py:1125
        with open(filename, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87f93b14a49b9605 Filesystem access.
pkgs/python/[email protected]/pygments/lexers/_sourcemod_builtins.py:1132
        with open(filename, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8d5ed5dfce7570b Filesystem access.
pkgs/python/[email protected]/pygments/sphinxext.py:174
                content = p.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57759fcf3db01fb Filesystem access.
pkgs/python/[email protected]/pygments/unistring.py:115
    with open(__file__, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2975933bebf4194 Filesystem access.
pkgs/python/[email protected]/pygments/unistring.py:139
    with open(__file__, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4bbc5df6b30f018b Filesystem access.
pkgs/python/[email protected]/scripts/check_crlf.py:28
                with open(full_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #870f8717c3777f2b Filesystem access.
pkgs/python/[email protected]/scripts/check_sources.py:176
                with open(fn, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4c436c875e1cf510 Filesystem access.
pkgs/python/[email protected]/scripts/count_token_references.py:80
        fn: fn.read_text(encoding='utf-8').splitlines(keepends=False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ebe339e94f97befc Filesystem access.
pkgs/python/[email protected]/scripts/debug_lexer.py:130
        with open(fn, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f767e368dc87c6c6 Filesystem access.
pkgs/python/[email protected]/scripts/gen_mapfiles.py:50
        (pygments_package / key / '_mapping.py').write_text(content, encoding='utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #fd6924458a6c50df Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/get_css_properties.py:27
    data_request = urllib.request.urlopen('https://www.w3.org/Style/CSS/all-properties.en.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #26d3b4ae9491aba2 Filesystem access.
pkgs/python/[email protected]/scripts/get_css_properties.py:31
    with open('../pygments/lexers/_css_builtins.py', 'w', encoding='utf-8') as builtin_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bd2d8d543b483677 Filesystem access.
pkgs/python/[email protected]/scripts/get_vimkw.py:33
    out = open(output, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6fe698c8c45be2d3 Filesystem access.
pkgs/python/[email protected]/scripts/get_vimkw.py:39
    for line in open(input):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d44e806963b8b01a Filesystem access.
pkgs/python/[email protected]/scripts/utility.py:24
    for linenumber, line in enumerate(open(path, encoding='utf-8').readlines()):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #08c4bb9ed94af784 Filesystem access.
pkgs/python/[email protected]/scripts/vim2pygments.py:902
    f = open(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pypandoc

python dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #57e43f5ce1b25776 Filesystem access.
pkgs/python/[email protected]/binary/hatch_build.py:67
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #228367a49954bab3 Filesystem access.
pkgs/python/[email protected]/binary/hatch_build.py:78
        with open(init_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9da3841990f061dc Filesystem access.
pkgs/python/[email protected]/binary/hatch_build.py:87
        with open(readme_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4475db1e76d1b0f1 Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:496
    new_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4749d2dcebe1bf93 Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:725
    new_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e315b5cb2fd9e3a Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:729
    if "HOME" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8b07eed2342a27b Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:856
            if os.getenv("ProgramFiles", None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05a8726bdb664157 Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:863
            if os.getenv("ProgramFiles(x86)", None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbed2dd7d35a3e8f Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:878
        if os.getenv("PYPANDOC_PANDOC", None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9f40c8e196e2f5 Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:879
            search_paths = [os.getenv("PYPANDOC_PANDOC")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6ce4879c59921b6 Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:979
        os.environ["PATH"] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f613a1af5d72292 Environment-variable access.
pkgs/python/[email protected]/pypandoc/__init__.py:980
            os.environ.get("PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #969b7cd0d2288d27 Environment-variable access.
pkgs/python/[email protected]/pypandoc/_cli.py:20
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2feca93e835f70a Environment-variable access.
pkgs/python/[email protected]/pypandoc/pandoc_download.py:51
    github_token = os.environ.get("GITHUB_TOKEN", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #910a3179a6a57c8d Filesystem access.
pkgs/python/[email protected]/pypandoc/pandoc_download.py:333
        with open(filename, "wb") as out_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyperclip

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #9f10397a82764003 Filesystem access.
pkgs/python/[email protected]/src/pyperclip/__init__.py:275
        fo = open('/dev/clipboard', 'wt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf64267ef1a9249d Filesystem access.
pkgs/python/[email protected]/src/pyperclip/__init__.py:280
        fo = open('/dev/clipboard', 'rt')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #765ef07b704b6088 Filesystem access.
pkgs/python/[email protected]/src/pyperclip/__init__.py:518
        with open('/proc/version', 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #201599198cb63b90 Environment-variable access.
pkgs/python/[email protected]/src/pyperclip/__init__.py:534
    if os.getenv("WAYLAND_DISPLAY") and _executable_exists("wl-copy")  and _executable_exists("wl-paste"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a0a18ff02fc0d2 Environment-variable access.
pkgs/python/[email protected]/src/pyperclip/__init__.py:540
    elif os.getenv("DISPLAY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dateutil

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #3ac8a01b2c6c542d Filesystem access.
pkgs/python/[email protected]/ci_tools/make_zonefile_metadata.py:29
    with open(fpath, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #540fe45594b2ce9f Filesystem access.
pkgs/python/[email protected]/ci_tools/make_zonefile_metadata.py:59
    with open(args.out, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bcff8f4300c2c3a Filesystem access.
pkgs/python/[email protected]/setup.py:34
    with io.open('README.rst', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90282236c9066646 Filesystem access.
pkgs/python/[email protected]/src/dateutil/tz/tz.py:464
            fileobj = open(fileobj, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22bc24c6112203f1 Filesystem access.
pkgs/python/[email protected]/src/dateutil/tz/tz.py:1271
            fileobj = open(fileobj, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a6dcf48751b774e Environment-variable access.
pkgs/python/[email protected]/src/dateutil/tz/tz.py:1596
                    name = os.environ["TZ"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b9901cb8cbaf1e Filesystem access.
pkgs/python/[email protected]/src/dateutil/zoneinfo/rebuild.py:30
        with open(os.path.join(zonedir, METADATA_FN), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #113ad8ac8d095cec Filesystem access.
pkgs/python/[email protected]/updatezinfo.py:25
    with io.open(metadata_file, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #977098d20aec2113 Filesystem access.
pkgs/python/[email protected]/updatezinfo.py:52
    with open(metadata['tzdata_file'], 'rb') as tzfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #51a0aab04754fcf4 Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60b26ff53545b8ea Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4f13510073741ae Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45f61225150db9c9 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6ee647b26fe078e Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f209856cad402364 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa1654cb89e6455a Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c9df969d04efd4 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d50e34e3b559f54f Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #731691286da3cca8 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9caa04273e856b Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyyaml

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #ac48461c1a021b79 Environment-variable access.
pkgs/python/[email protected]/setup.py:72
os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e388459d0e6e88 Environment-variable access.
pkgs/python/[email protected]/setup.py:81
if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29790d8d523a6f13 Environment-variable access.
pkgs/python/[email protected]/setup.py:160
            with_ext = getattr(self, ext.attr_name) or os.environ.get('PYYAML_FORCE_{0}'.format(ext.feature_name.upper()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

referencing

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #a865b595f60fb9b3 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:53
            github = Path(os.environ["GITHUB_STEP_SUMMARY"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ffb9800606ba66c Filesystem access.
pkgs/python/[email protected]/suite/test_sanity.py:19
SPECS = json.loads(VERSIONS.joinpath("specifications.json").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0081dd4214d63758 Filesystem access.
pkgs/python/[email protected]/suite/test_sanity.py:21
_SCHEMA = json.loads(ROOT.joinpath("test-schema.json").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ac3c43e1dd8f700 Filesystem access.
pkgs/python/[email protected]/suite/test_sanity.py:30
        test = json.loads(test_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

regex

python dependency
expand_more 3 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #af98a51581dbb064 Filesystem access.
pkgs/python/[email protected]/tools/build_regex_unicode.py:680
    with open(path, 'w', encoding='ascii') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #60f49f9907f2a1af Filesystem access.
pkgs/python/[email protected]/tools/build_regex_unicode.py:1454
    with open(c_path, 'w', newline='\n', encoding='ascii') as c_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #25e490e518fc309b Filesystem access.
pkgs/python/[email protected]/tools/build_regex_unicode.py:1577
    with open(h_path, 'w', newline='\n', encoding='ascii') as h_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #de4431bac45cf547 Filesystem access.
pkgs/python/[email protected]/setup.py:53
with open(os.path.join(here, "src", "requests", "__version__.py"), "r", "utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53901ff0e3bb02eb Filesystem access.
pkgs/python/[email protected]/setup.py:56
with open("README.md", "r", "utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58f2f4cf5240a73b Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:768
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37b83231e4fe1d6d Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:769
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6113cdbb122aaf93 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:210
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b9f4332af96c7f9 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:743
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14fcbb7d0d727268 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:744
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e33303c66bccc581 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:750
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8d7098892ba2aff Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:752
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f594a15e845fb8ff Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:765
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

rpds-py

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #279b4c41960fe8c6 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:60
            github = Path(os.environ["GITHUB_STEP_SUMMARY"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

shellingham

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #ea10787c7102f210 Environment-variable access.
pkgs/python/[email protected]/src/shellingham/posix/__init__.py:54
    login_shell = os.environ.get("SHELL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a22dc990a211e20e Filesystem access.
pkgs/python/[email protected]/src/shellingham/posix/proc.py:44
    with io.open(path, encoding="ascii", errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0082d2c44a2c1841 Filesystem access.
pkgs/python/[email protected]/src/shellingham/posix/proc.py:55
    with io.open(path, encoding=encoding, errors="replace") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

six

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #ff391665c274dfcf Filesystem access.
pkgs/python/[email protected]/setup.py:43
with open("README.rst", "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

smmap

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7aa22d503a2512d1 Filesystem access.
pkgs/python/[email protected]/setup.py:14
    long_description = open('README.md', encoding="utf-8").read().replace('\r\n', '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sounddevice

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #7b8de82294d57d49 Environment-variable access.
pkgs/python/[email protected]/setup.py:11
system = os.environ.get('PYTHON_SOUNDDEVICE_PLATFORM', platform.system())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #099793753aa824ae Environment-variable access.
pkgs/python/[email protected]/setup.py:13
architecture0 = os.environ.get('PYTHON_SOUNDDEVICE_ARCHITECTURE',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #661539fc2cdc046a Environment-variable access.
pkgs/python/[email protected]/setup.py:13
architecture0 = os.environ.get('PYTHON_SOUNDDEVICE_ARCHITECTURE',
    'arm64' if machine in ['arm64', 'aarch64'] else platform.architecture()[0])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61537cea67347ffd Environment-variable access.
pkgs/python/[email protected]/src/sounddevice.py:82
        if 'SD_ENABLE_ASIO' in _os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

soundfile

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #4f7da791e5fbec6d Environment-variable access.
pkgs/python/[email protected]/setup.py:8
platform = os.environ.get('PYSOUNDFILE_PLATFORM', sys.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ca5e25a2e57c866 Environment-variable access.
pkgs/python/[email protected]/setup.py:9
architecture0 = os.environ.get('PYSOUNDFILE_ARCHITECTURE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eee907b6cd8987df Filesystem access.
pkgs/python/[email protected]/setup.py:76
with open('soundfile.py') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f731b0e1852991 Filesystem access.
pkgs/python/[email protected]/setup.py:117
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14e99411804a39ab Environment-variable access.
pkgs/python/[email protected]/soundfile_build.py:138
platform = os.environ.get('PYSOUNDFILE_PLATFORM', sys.platform)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

starlette

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #13b768ce2b4afbc8 Environment-variable access.
pkgs/python/[email protected]/starlette/config.py:19
    def __init__(self, environ: MutableMapping[str, str] = os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ddd2022bac8062b Filesystem access.
pkgs/python/[email protected]/starlette/config.py:113
        with open(file_name, encoding=encoding) as input_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tiktoken

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #cc5421025f05bccf Environment-variable access.
pkgs/python/[email protected]/scripts/benchmark.py:16
    num_threads = int(os.environ["RAYON_NUM_THREADS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ec234fecbd45055f Filesystem access.
pkgs/python/[email protected]/scripts/redact.py:11
    text = path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d4b7d3edc95e8709 Filesystem access.
pkgs/python/[email protected]/scripts/redact.py:35
            path.write_text(redacted_text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6ff6e29b716f3e49 Filesystem access.
pkgs/python/[email protected]/scripts/wheel_download.py:35
        with open(temp_zip, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50e163edd5b21d9a Filesystem access.
pkgs/python/[email protected]/tiktoken/_educational.py:212
    with open(__file__) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #526c2b48d20ca540 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:10
        with open(blobpath, "rb", buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3c2e6d6ac0a2b2c Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:38
    if "TIKTOKEN_CACHE_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #508a14dd0f6e8efc Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:39
        cache_dir = os.environ["TIKTOKEN_CACHE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97f77d9b8d7af46e Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:40
    elif "DATA_GYM_CACHE_DIR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e880c99b7a1d2653 Environment-variable access.
pkgs/python/[email protected]/tiktoken/load.py:41
        cache_dir = os.environ["DATA_GYM_CACHE_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be900de9f6638375 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:56
        with open(cache_path, "rb", buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5acd779b0f46c4b6 Filesystem access.
pkgs/python/[email protected]/tiktoken/load.py:79
        with open(tmp_filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tokenizers

python dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #bd2d9baac817da7a Environment-variable access.
pkgs/python/[email protected]/bindings/python/benches/test_tiktoken.py:29
    os.environ["RAYON_NUM_THREADS"] = str(num_threads)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9ed800eb32dba3b5 Filesystem access.
pkgs/python/[email protected]/bindings/python/examples/example.py:29
    with open(args.file, "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29820974a46819ef Filesystem access.
pkgs/python/[email protected]/bindings/python/py_src/tokenizers/implementations/sentencepiece_unigram.py:160
        m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e375fbc6c1b825e0 Filesystem access.
pkgs/python/[email protected]/bindings/python/py_src/tokenizers/tools/visualizer.py:12
with open(css_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7b051dc061636682 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/convert.py:52
    m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #57b1436ac89f974d Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/convert.py:342
    with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7cff41139bd33c75 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:61
        with open(self._model, "r") as model_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #85c07d915745a53c Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:134
        with open(args.vocab_output_path, "w") as vocab_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #58154c28fbcf9d60 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:135
            with open(args.merges_output_path, "w") as merges_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6dd24acf9158b7e Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/spm_parity_check.py:99
    with open(args.input_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b7bc5a605f6e808f Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/spm_parity_check.py:226
    with open(args.input_file, "r", encoding="utf-8-sig") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e87138b17b6a40cb Filesystem access.
pkgs/python/[email protected]/bindings/python/stub.py:259
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cb77433e529f6d2 Filesystem access.
pkgs/python/[email protected]/bindings/python/stub.py:263
        with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8472253203c4e06 Filesystem access.
pkgs/python/[email protected]/bindings/python/stub.py:279
        with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9c194cf53376d9 Filesystem access.
pkgs/python/[email protected]/bindings/python/stub.py:286
            with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29e9b4cc70919302 Filesystem access.
pkgs/python/[email protected]/bindings/python/stub.py:290
            with open(filename, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929dcccc7b0e6b48 Filesystem access.
pkgs/python/[email protected]/py_src/tokenizers/implementations/sentencepiece_unigram.py:160
        m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f3c590b587e70d57 Filesystem access.
pkgs/python/[email protected]/py_src/tokenizers/tools/visualizer.py:12
with open(css_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tqdm

python dependency
expand_more 18 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #6e5cd086361b99f3 Filesystem access.
pkgs/python/[email protected]/examples/7zx.py:82
            with open(md, buffering=1) as m:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #301a525af411d2bc Filesystem access.
pkgs/python/[email protected]/examples/tqdm_requests.py:31
with open(eg_out, "wb") as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #31dd4bf0caf85901 Filesystem access.
pkgs/python/[email protected]/examples/tqdm_requests.py:44
    open(eg_out, "wb"), "write",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #22318389343fc4db Filesystem access.
pkgs/python/[email protected]/examples/tqdm_wget.py:106
with tqdm.wrapattr(open(eg_out, "wb"), "write",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2b71f832a75226 Filesystem access.
pkgs/python/[email protected]/tqdm/cli.py:270
                dst.write_bytes(fi.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a62806f951e3990 Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/bells.py:15
if getenv("TQDM_SLACK_TOKEN") and getenv("TQDM_SLACK_CHANNEL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15494d790ec3ec9 Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/bells.py:17
elif getenv("TQDM_TELEGRAM_TOKEN") and getenv("TQDM_TELEGRAM_CHAT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d9ed9f885b35ce Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/bells.py:19
elif getenv("TQDM_DISCORD_TOKEN") and getenv("TQDM_DISCORD_CHANNEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b9fa0f4999dff10b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tqdm/contrib/discord.py:45
            res = self.session.post(
                f'{self.API}/channels/{self.channel_id}/messages',
                headers={'Authorization': f'Bot {self.token}', 'User-Agent': self.UA},
                json={'content': f"`{self.text}`"}).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1de592b3591a9dcb Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/discord.py:122
                kwargs.pop('token', getenv('TQDM_DISCORD_TOKEN')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe49b5425ded799 Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/discord.py:123
                kwargs.pop('channel_id', getenv('TQDM_DISCORD_CHANNEL_ID')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6a8f8d4f2126bf2 Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/slack.py:88
                kwargs.pop('token', getenv("TQDM_SLACK_TOKEN")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67b487d8887e8f6e Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/slack.py:89
                kwargs.pop('channel', getenv("TQDM_SLACK_CHANNEL")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4f50a1e284b09354 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tqdm/contrib/telegram.py:42
            res = self.session.post(
                self.API + '%s/sendMessage' % self.token,
                data={'text': '`' + self.text + '`', 'chat_id': self.chat_id,
                      'parse_mode': 'MarkdownV2'}).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8f1f3d99a44fa36e Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/telegram.py:119
                kwargs.pop('token', getenv('TQDM_TELEGRAM_TOKEN')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88795b12275c70bb Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/telegram.py:120
                kwargs.pop('chat_id', getenv('TQDM_TELEGRAM_CHAT_ID')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c8975d0ef2a5346 Environment-variable access.
pkgs/python/[email protected]/tqdm/utils.py:73
    env_overrides = {k[i:].lower(): v for k, v in os.environ.items() if k.startswith(prefix)}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88ec346cc338cf51 Environment-variable access.
pkgs/python/[email protected]/tqdm/utils.py:347
                return [int(os.environ[i]) - 1 for i in ("COLUMNS", "LINES")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tree-sitter-c-sharp

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #821cedc22d1698d3 Filesystem access.
pkgs/python/[email protected]/bindings/python/tree_sitter_c_sharp/__init__.py:10
    globals()[name] = query.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tree-sitter-embedded-template

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #395195c84fdc6b5f Filesystem access.
pkgs/python/[email protected]/bindings/python/tree_sitter_embedded_template/__init__.py:10
    globals()[name] = query.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tree-sitter-yaml

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #f7411a7b1018415a Filesystem access.
pkgs/python/[email protected]/bindings/python/tree_sitter_yaml/__init__.py:10
    globals()[name] = query.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typing-extensions

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #07f4bc47da22771e Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1649
            Path(tempdir, "ann_module.py").write_text(ANN_MODULE_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe399edb832bad14 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1650
            Path(tempdir, "ann_module2.py").write_text(ANN_MODULE_2_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69879d2dbf597208 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1651
            Path(tempdir, "ann_module3.py").write_text(ANN_MODULE_3_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a94456b3c39b8524 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8436
            Path(tempdir, "inspect_stock_annotations.py").write_text(STOCK_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8550d48094eb8efa Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8437
            Path(tempdir, "inspect_stringized_annotations.py").write_text(STRINGIZED_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c793f5e9db43bb97 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8438
            Path(tempdir, "inspect_stringized_annotations_2.py").write_text(STRINGIZED_ANNOTATIONS_2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51116ecf87bcae31 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8887
            Path(tempdir, "inspect_stringized_annotations_pep_695.py").write_text(STRINGIZED_ANNOTATIONS_PEP_695)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

urllib3

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #1e8d2ae0bbc380dd Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:15
if "READTHEDOCS" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4c41a65028944415 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:76
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1276f9e93b7dbd8b Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:466
        return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cece8f77b48a573e Filesystem access.
pkgs/python/[email protected]/dummyserver/app.py:483
    return await make_response(file_path.read_bytes(), 200, headers)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #89c4634179811f30 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/__init__.py:193
    return _DEFAULT_POOL.request(
        method,
        url,
        body=body,
        fields=fields,
        headers=headers,
        preload_content=preload_content,
        decode_content=decode_content,
        redirect=redirect,
        retries=retries,
        timeout=timeout,
        json=json,
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #924b885c83ac4dee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/connectionpool.py:210
            self.pool.put(None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f1d40b89953ef584 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/connectionpool.py:310
                self.pool.put(conn, block=False)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #046f00fb83a72b33 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/urllib3/connectionpool.py:493
            conn.request(
                method,
                url,
                body=body,
                headers=headers,
                chunked=chunked,
                preload_content=preload_content,
                decode_content=decode_content,
                enforce_content_length=enforce_content_length,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1c7d0e36402c790f Filesystem access.
pkgs/python/[email protected]/src/urllib3/contrib/emscripten/fetch.py:204
        streaming_worker_code = (
            files(__package__)
            .joinpath("emscripten_fetch_worker.js")
            .read_text(encoding="utf-8")
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce76c0406745c014 Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:367
    if "SSLKEYLOGFILE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6567cfca6dd67747 Environment-variable access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:368
        sslkeylogfile = os.path.expandvars(os.environ.get("SSLKEYLOGFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34a7707c86a7c557 Filesystem access.
pkgs/python/[email protected]/src/urllib3/util/ssl_.py:502
    with open(key_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

watchfiles

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #1ca7f61fac629093 Environment-variable access.
pkgs/python/[email protected]/watchfiles/main.py:332
    env_var = os.getenv('WATCHFILES_FORCE_POLLING')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c35e0e17e190d8c Environment-variable access.
pkgs/python/[email protected]/watchfiles/main.py:343
    env_var = os.getenv('WATCHFILES_POLL_DELAY_MS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #885e4a43d35322f5 Environment-variable access.
pkgs/python/[email protected]/watchfiles/main.py:353
    env_var = os.getenv('WATCHFILES_DEBUG')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #032ad2d5878c4d34 Environment-variable access.
pkgs/python/[email protected]/watchfiles/main.py:372
    env_var = os.getenv('WATCHFILES_IGNORE_PERMISSION_DENIED')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb4e7021376b6b16 Environment-variable access.
pkgs/python/[email protected]/watchfiles/run.py:261
    os.environ['WATCHFILES_CHANGES'] = changes_env_var

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5581458d38ee14da Environment-variable access.
pkgs/python/[email protected]/watchfiles/run.py:323
        os.environ.pop('WATCHFILES_CHANGES', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20cb6845dc73fab4 Filesystem access.
pkgs/python/[email protected]/watchfiles/run.py:414
            with open(tty_path) as tty:  # pragma: no cover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

wcwidth

python dependency
expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #008c07320c9195f7 Environment-variable access.
pkgs/python/[email protected]/bin/update-tables.py:55
CONNECT_TIMEOUT = int(os.environ.get('CONNECT_TIMEOUT', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #346445ffe837dc59 Environment-variable access.
pkgs/python/[email protected]/bin/update-tables.py:56
READ_TIMEOUT = int(os.environ.get('READ_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a9953500ee572a3 Environment-variable access.
pkgs/python/[email protected]/bin/update-tables.py:57
FETCH_BLOCKSIZE = int(os.environ.get('FETCH_BLOCKSIZE', '4096'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e0085c21a706fb Environment-variable access.
pkgs/python/[email protected]/bin/update-tables.py:58
MAX_RETRIES = int(os.environ.get('MAX_RETRIES', '10'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1289398e037f7bc2 Environment-variable access.
pkgs/python/[email protected]/bin/update-tables.py:59
BACKOFF_FACTOR = float(os.environ.get('BACKOFF_FACTOR', '1.0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03c4e24fc2356db0 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:355
    with open(UnicodeDataFile.DerivedAge(), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f046c3a2e84d93f3 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:497
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac66d8cdf6463d94 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:605
    with open(fname, encoding='utf-8') as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2abafe829dbecb60 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:616
    with open(filename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8061410497a299a6 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:681
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60327d98d37c80cd Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:698
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2af0ba4652910e7d Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:720
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ffdcfb74c33e05a Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:745
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1eda2396b37e99f Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:767
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7427c6c7486c73d5 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:808
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fbf30b274ad23a4 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:842
    with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca68938c863b0051 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:1032
        with open(fname, 'w', encoding='utf-8', newline='\n') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d412f4f4ab27a4f6 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:1048
        with open(fname, 'wb') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd1a3fa040a755da Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:1114
        with open(original_filename, encoding='utf-8') as f1, \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f86797e0fd15332 Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:1115
                open(new_filename, encoding='utf-8') as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d509c8bbedd7c8ae Filesystem access.
pkgs/python/[email protected]/bin/update-tables.py:1278
        with open(new_filename, 'w', encoding='utf-8', newline='\n') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc3b8ebb635de25b Filesystem access.
pkgs/python/[email protected]/bin/wcwidth-browser.py:200
        with open(filepath, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yarl

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #f64bb2cfe5731602 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:35
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6934d9b4a34ca05 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:36
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7e409a6d9d76bb5 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_backend.py:131
        (os.environ, env_var_name, KeyError),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e444cad14234052 Filesystem access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:85
    config_toml_txt = (Path.cwd().resolve() / 'pyproject.toml').read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66bc75d123065514 Filesystem access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:142
    config_toml_txt = (Path.cwd().resolve() / 'pyproject.toml').read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e70c53160e5df7c8 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:197
    orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b41076b2ceb6ac77 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:199
    os.environ.update(expanded_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f63a91dae65a7a34 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:201
    os.environ['CFLAGS'] = ' '.join((

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9676bb77873ba609 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:244
    os.environ['LDFLAGS'] = ' '.join((

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3e5cc6fe460ee1 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:268
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c98989ce57f32f84 Environment-variable access.
pkgs/python/[email protected]/packaging/pep517_backend/_cython_configuration.py:269
        os.environ.update(orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfabc8609979f954 Environment-variable access.
pkgs/python/[email protected]/yarl/_quoting.py:8
NO_EXTENSIONS = bool(os.environ.get("YARL_NO_EXTENSIONS"))  # type: bool

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • pillow prod — sdist exceeds byte cap
  • tree-sitter-language-pack prod — sdist exceeds byte cap
  • scipy prod — sdist exceeds byte cap