App Privacy Score
Low risk · 408 finding(s)
Dependency score: 82 (Low risk)
External domains: a#б, a@b, тест
First-Party Code
first-party (npm)
npm first-party · 50 low-confidence finding(s)
MOCHA_TIMEOUT = parseInt(process.env.ESLINT_MOCHA_TIMEOUT, 10) || 10000;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(filePath, `${JSON.stringify(data, null, 4)}\n`);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
docsPackagePath,
`${JSON.stringify(docsPackage, null, 4)}\n`,
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
CHANGELOG_FILE,
`${releaseInfo.markdownChangelog}${cat(CHANGELOG_FILE)}`,
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
VERSIONS_FILE,
`${JSON.stringify(versions, null, 4)}\n`,
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.CI) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(PERF_ESLINT_CONFIG, content);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.BRANCH && /^v\d+\.x$/u.test(process.env.BRANCH);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.CONTEXT === "deploy-preview") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if (process.env.BRANCH === "latest") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if (process.env.BRANCH === "next") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pathPrefix = `/docs/${process.env.BRANCH}/`; // `/docs/v8.x/`, `/docs/v9.x/`, `/docs/v10.x/` ...
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const siteName = process.env.ESLINT_SITE_NAME || "en";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eleventyConfig.addGlobalData("GIT_BRANCH", process.env.BRANCH);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eleventyConfig.addGlobalData("HEAD", process.env.BRANCH === "main");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eleventyConfig.addGlobalData("NOINDEX", process.env.BRANCH !== "latest");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.CONTEXT && process.env.CONTEXT !== "deploy-preview"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.CONTEXT && // if this is a build on Netlify ...
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.CONTEXT !== "deploy-preview" && // ... and not for a deploy preview ...
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.BRANCH !== "latest" // .. and not of the `latest` branch ...
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const thisBranch = process.env.BRANCH;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return yaml.load(fs.readFileSync(siteDataFile));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
results.source = fs.readFileSync(filePath, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(filePath, output);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const text = await fsp.readFile(filePath, {
encoding: "utf8",
signal: controller?.signal,
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.ESLINT_FLAGS) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
retrier.retry(() => fs.writeFile(r.filePath, r.output)),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const enabled = !!process.env.TIMING;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (typeof process.env.TIMING !== "string") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.TIMING.toLowerCase() === "all") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = readFileSync(sourceFile, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = await fs.promises.readFile(this.filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.promises.writeFile(
this.filePath,
stringify(suppressions, { space: 2 }),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(`${OUTPUT_DIRECTORY}/${fileName}`, fileContent);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return readFile(`${OUTPUT_DIRECTORY}/${fileName}`);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const links = JSON.parse(await fs.readFile(DATA_FILE_PATH, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const text = await fs.readFile(filename, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(DATA_FILE_PATH, JSON.stringify(links, null, 2), "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.readFile(TEMPLATE_FILENAME, "utf8"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFile(INDEX_FILENAME, indexFileContent),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFile(HTML_FORMATTER_FILENAME, formatterResults.html.result),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(
pluginDataFilePath,
await prettier.format(
JSON.stringify({
...pluginsData,
...pluginsUpdated,
}),
{
...(await prettier.resolveConfig(pluginDataFilePath.toString())),
filepath: pluginDataFilePath.toString(),
},
),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync("./packages/js/src/configs/eslint-all.js", code, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
"./packages/js/src/configs/eslint-recommended.js",
code,
"utf8",
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const readme = fs.readFileSync(README_FILE_PATH, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(README_FILE_PATH, newReadme, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const sourceText = await readFile(ruleTypeFile, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(ruleTypeFile, newSourceText);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Dependencies
@babel/core
npm dependency · 6 low-confidence finding(s)
return fn(filepath, yield* readFile(filepath, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const targetPath = process.env.BABEL_SHOW_CONFIG_FOR;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (typeof process !== "undefined" && process.env.BABEL_7_TO_8_DANGEROUSLY_DISABLE_VERSION_CHECK) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const code = yield* readFile(filename, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const inputMapContent = fs.readFileSync(inputMapPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@eslint/eslintrc
npm dependency · 1 low-confidence finding(s)
return fs.readFileSync(filePath, "utf8").replace(/^\ufeff/u, "");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@humanfs/node
npm dependency · 3 low-confidence finding(s)
.retry(() => this.#fsp.readFile(filePath))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.retry(() => this.#fsp.writeFile(filePath, value))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.then(() => this.#fsp.writeFile(filePath, value));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
babel-loader
npm dependency · 2 low-confidence finding(s)
const data = await readFile(filename + (compress ? ".gz" : ""));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return await writeFile(filename + (compress ? ".gz" : ""), data);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
c8
npm dependency · 11 low-confidence finding(s)
process.env.NODE_V8_COVERAGE = argv.tempDirectory
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
monocartArgv: (argv.experimentalMonocart || process.env.EXPERIMENTAL_MONOCART) ? argv : null
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const { readFileSync } = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const config = JSON.parse(readFileSync(path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default: process.env.NODE_V8_COVERAGE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
;({ readFile } = require('fs').promises)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const { readdirSync, readFileSync, statSync } = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
reports.push(JSON.parse(readFileSync(
resolve(this.tempDirectory, file),
'utf8'
)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const { readFileSync } = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileBody = readFileSync(filename).toString()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = readFileSync(fileURLToPath(mapURL), 'utf8')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
common-tags
npm dependency · 2 low-confidence finding(s)
import fs from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var _fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
core-js
npm dependency · 6 low-confidence finding(s)
|| new URL('https://a@b').username !== 'a'
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
|| new URL('https://тест').host !== 'xn--e1aybc'
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
|| new URL('https://a#б').hash !== '#%D0%B1'
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
banners = JSON.parse(fs.readFileSync(file));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(file, JSON.stringify(banners), 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
cross-spawn
npm dependency · 2 low-confidence finding(s)
parsed.command = process.env.comspec || 'cmd.exe';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
debug
npm dependency · 5 low-confidence finding(s)
r = process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = process.env[key];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.DEBUG = namespaces;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ejs
npm dependency · 20 low-confidence finding(s)
let fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let usage = fs.readFileSync(`${__dirname}/../usage.txt`).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
input = fs.readFileSync(pOpts.dataFile).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let template = fs.readFileSync(opts.filename).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(pOpts.outputFile, output);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs_1 = __importDefault(require("fs"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let source = fs.readFileSync('lib/cjs/ejs.js', 'utf8').toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync('lib/cjs/ejs.js', source);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let utilsSource = fs.readFileSync('lib/cjs/utils.js', 'utf8').toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync('lib/cjs/utils.js', utilsSource);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let parseargsSource = fs.readFileSync('lib/cjs/parseargs.js', 'utf8').toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync('lib/cjs/parseargs.js', parseargsSource);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync('lib/cjs/package.json', '{"type":"commonjs"}');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync('out/CNAME', 'api.ejs.co');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(fixtureDir, 'package.json'), JSON.stringify({
private: true,
type: 'module'
}, null, 2));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(fixtureDir, 'cjs-smoke.cjs'), [
'const assert = require("assert");',
'const ejs = require("ejs");',
'assert.equal(typeof ejs.render, "function");',
'assert.equal(ejs.render("<%= name %>", {name: "<>&"}), "&lt;&gt;&amp;");',
''
].join('\n'));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(fixtureDir, 'esm-smoke.mjs'), [
'import assert from "node:assert/strict";',
'import ejs from "ejs";',
'assert.equal(typeof ejs.render, "function");',
'assert.equal(ejs.render("<%= name %>", {name: "<>&"}), "&lt;&gt;&amp;");',
''
].join('\n'));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(fixtureDir, 'template.ejs'), 'Hello <%= name %>');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs_1 = __importDefault(require("fs"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint
npm dependency · 13 low-confidence finding(s)
results.source = fs.readFileSync(filePath, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(filePath, output);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const text = await fsp.readFile(filePath, {
encoding: "utf8",
signal: controller?.signal,
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.ESLINT_FLAGS) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
retrier.retry(() => fs.writeFile(r.filePath, r.output)),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const enabled = !!process.env.TIMING;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (typeof process.env.TIMING !== "string") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.TIMING.toLowerCase() === "all") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = readFileSync(sourceFile, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = await fs.promises.readFile(this.filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.promises.writeFile(
this.filePath,
stringify(suppressions, { space: 2 }),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint-plugin-expect-type
npm dependency · 4 low-confidence finding(s)
return ts.sys.readFile(...args);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFile: (file) => import_node_fs.default.readFileSync(file, "utf8"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return ts.sys.readFile(...args);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFile: (file) => fs.readFileSync(file, "utf8"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint-plugin-jsdoc
npm dependency · 3 low-confidence finding(s)
readFileSync(join(import.meta.dirname, '../package.json'), 'utf8'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFileSync(join(process.cwd(), './package.json'), 'utf8'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFileSync(join(process.cwd(), 'node_modules', mod, './package.json'), 'utf8'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint-plugin-n
npm dependency · 2 low-confidence finding(s)
ig.add(fs.readFileSync(filePath, "utf8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const text = fs.readFileSync(filePath, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint-plugin-unicorn
npm dependency · 1 low-confidence finding(s)
packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslint-release
npm dependency · 16 low-confidence finding(s)
const fs = require("fs"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return JSON.parse(fs.readFileSync(filePath, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.NPM_TOKEN) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.ESLINT_GITHUB_TOKEN) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
"CHANGELOG.tmp",
releaseInfo.markdownChangelog
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync("CHANGELOG.md", "");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = `${fs.readFileSync("CHANGELOG.tmp", "utf-8")}${fs.readFileSync("CHANGELOG.md", "utf-8")}`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync("CHANGELOG.md.tmp", data);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(".eslint-release-info.json", JSON.stringify(releaseInfo, null, 4));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
gh = new GitHub({ token: process.env.ESLINT_GITHUB_TOKEN }),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const releaseInfo = JSON.parse(fs.readFileSync(".eslint-release-info.json", "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
oldNpmrcContents = fs.readFileSync(".npmrc", "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(".npmrc", "//registry.npmjs.org/:_authToken=${NPM_TOKEN}");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.NPM_OTP && /^\d+$/.test(process.env.NPM_OTP)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
command += ` --otp=${process.env.NPM_OTP}`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(".npmrc", oldNpmrcContents);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
eslump
npm dependency · 5 low-confidence finding(s)
const fs = require("fs");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
reproductionCode = fs.readFileSync(codePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
reproductionDataString = fs.readFileSync(dataPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(fullPath, content);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NODE_ENV === "test"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
esprima
npm dependency · 5 low-confidence finding(s)
fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
run(fs.readFileSync(fname, 'utf-8'));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content = fs.readFileSync(fname, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs-teardown
npm dependency · 17 low-confidence finding(s)
var require$$0$2 = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var platform = process.env.GRACEFUL_FS_PLATFORM || process.platform;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
else if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || ''))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || '')) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.TEST_GRACEFUL_FS_GLOBAL_PATCH && !fs$h.__patched) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs$7.writeFile(file, '', err => {
if (err) return callback(err)
callback();
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs$7.writeFileSync(file, '');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = fs.readFileSync(file, options);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.writeFileSync(file, str, options)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (itDoes) return fs$2.writeFile(file, data, encoding, callback)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs$2.writeFile(file, data, encoding, callback);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs$2.writeFileSync(file, ...args)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs$2.writeFileSync(file, ...args);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return [4 /*yield*/, lib$1.writeFile(absoluteFilePath, content)];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return [4 /*yield*/, lib$1.readFile(absolutePath)];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
lib$1.readFileSync(absolutePath);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return [4 /*yield*/, lib$1.writeFile(absolutePath, content)];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
gray-matter
npm dependency · 2 low-confidence finding(s)
const fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const str = fs.readFileSync(filepath, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
jiti
npm dependency · 3 low-confidence finding(s)
if (nodeModule.enableCompileCache && !process.env.NODE_DISABLE_COMPILE_CACHE) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const rawSource = await readFile(filename, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return JSON.parse(await readFile(packageJsonPath, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
lint-staged
npm dependency · 20 low-confidence finding(s)
const packageJsonFile = await readFile(path.join(dirname, '../package.json'), 'utf-8')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return await fs.readFile(filename)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(filename, buffer)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const activeIndexFile = process.env.GIT_INDEX_FILE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? normalizePath(process.env.GIT_INDEX_FILE)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: process.env.GIT_INDEX_FILE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.GIT_LITERAL_PATHSPECS
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const readFile = async (filename) => fs.readFile(path.resolve(filename), 'utf-8')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.GIT_DIR
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.GIT_WORK_TREE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
markdown-it
npm dependency · 3 low-confidence finding(s)
version: JSON.parse(fs.readFileSync(new URL('../package.json', import.meta.url))).version
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(filename, encoding, callback)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(options.output, output)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
markdownlint-cli2
npm dependency · 5 low-confidence finding(s)
const readJsonc = (/** @type {string} */ file, /** @type {FsLike} */ fs) => fs.promises.readFile(file, utf8).then(jsoncParse);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const readToml = (/** @type {string} */ file, /** @type {FsLike} */ fs) => fs.promises.readFile(file, utf8).then(tomlParse);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const readYaml = (/** @type {string} */ file, /** @type {FsLike} */ fs) => fs.promises.readFile(file, utf8).then(yamlParse);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
subTasks.push(fs.promises.readFile(fileName, utf8).
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.promises.writeFile(fileName, fixed, utf8);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
mocha
npm dependency · 16 low-confidence finding(s)
require("js-yaml").load(fs.readFileSync(filepath, "utf8")),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const css = fs.readFileSync(path.join(srcdir, "mocha.css"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const js = fs.readFileSync(path.join(srcdir, "mocha.js"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const tmpl = fs.readFileSync(
path.join(srcdir, "lib", "browser", "template.html"),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "mocha.css"), css);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "mocha.js"), js);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(destdir, "index.html"), tmpl);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
configData = fs.readFileSync(filepath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envConfig = parse(process.env.MOCHA_OPTIONS || "");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(output, json);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
r = process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(output, json);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
npm-license
npm dependency · 1 low-confidence finding(s)
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
prettier
npm dependency · 57 low-confidence finding(s)
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { createWriteStream } from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return dist_default.retry.readFile(retryOptions)(filePath, options);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { statSync, realpathSync } from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs2 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs3 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = fs3.readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs3.writeFileSync(filePath, content);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs2 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs3 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs4 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = fs4.readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs4.writeFileSync(filePath, content);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs5 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { statSync, realpathSync } from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs6 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs7 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs8 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs8.writeFileSync(this.storePath, store);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = fs8.readFileSync(filePath);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs9 from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs10 from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs10.readFile(filePath, "utf8").catch(noop2);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs11 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileContent = fs11.readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileContent = fs11.readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileBuffer = fs11.readFileSync(filePath);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileContent = fs11.readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileContent = fs11.readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs12 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { createWriteStream } from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return dist_default36.retry.readFile(retryOptions)(filePath, options);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs13 from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs9 from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs4 from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs3 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs2 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = await fs4.readFile(cacheFile, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs7 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs6 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs5 from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = fs5.readFileSync(pathToFile, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs5.writeFileSync(filePath, data);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const buffer = fs6.readFileSync(absolutePath);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs8 from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeFormattedFile: (file, data) => fs8.writeFile(file, data)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
input = await fs9.readFile(filename, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
proxyquire
npm dependency · 6 low-confidence finding(s)
var fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFileSync(module).toString()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFileSync(tests).toString()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
semver
npm dependency · 2 low-confidence finding(s)
process.env.NODE_DEBUG &&
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
/\bsemver\b/i.test(process.env.NODE_DEBUG)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
shelljs
npm dependency · 49 low-confidence finding(s)
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
cat += fs.readFileSync(file, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.OLDPWD) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
dir = process.env.OLDPWD;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OLDPWD = curDir;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.OLDPWD; // initially, there's no previous directory
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var serializedParams = fs.readFileSync(paramFilePath, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(filePath, data, {
encoding: 'utf8',
mode: parseInt('600', 8),
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
stdout = fs.readFileSync(stdoutFile);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
stderr = fs.readFileSync(stderrFile);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
stdout = fs.readFileSync(stdoutFile, opts.encoding);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
stderr = fs.readFileSync(stderrFile, opts.encoding);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
contents = fs.readFileSync(file, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(file, result, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(testFile, ' ');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeableDir(process.env.TMPDIR) ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeableDir(process.env.TEMP) ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeableDir(process.env.TMP) ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeableDir(process.env.Wimp$ScrapDir) || // RiscOS
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(file, this.stdout || this.toString(), 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var lines = (input ? fs.readFileSync(input, 'utf8') : pipe)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var pathArray = splitPath(process.env.PATH);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var pathExtEnv = process.env.PATHEXT || XP_DEFAULT_PATHEXT;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
typescript
npm dependency · 10 low-confidence finding(s)
var import_fs = __toESM(require("fs"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.XDG_CACHE_HOME) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.XDG_CACHE_HOME;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = __toESM(require("fs"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = JSON.parse(host.readFile(typesRegistryFilePath));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var fs = __toESM(require("fs"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
webpack
npm dependency · 29 low-confidence finding(s)
(this.outputFileSystem).writeFile(targetPath, content, (err) => {
if (err) return callback(err);
// information marker that the asset has been emitted
compilation.emittedAssets.add(file);
// cache the information that the Source has been written to that location
const newGeneration =
targetFileGeneration === undefined
? 1
: targetFileGeneration + 1;
/** @type {CacheEntry} */
(cacheEntry).writtenTo.set(targetPath, newGeneration);
this._assetEmittingWrittenFiles.set(targetPath, newGeneration);
this.hooks.assetEmitted.callAsync(
file,
{
content,
source,
outputPath,
compilation,
targetPath
},
callback
);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return /** @type {OutputFileSystem} */ (
this.outputFileSystem
).readFile(targetPath, (err, existingContent) => {
if (
err ||
!content.equals(/** @type {Buffer} */ (existingContent))
) {
return doWrite(content);
}
return alreadyWritten();
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(this.outputFileSystem).writeFile(
/** @type {string} */ (this.recordsOutputPath),
JSON.stringify(
this.records,
(n, value) => {
if (
typeof value === "object" &&
value !== null &&
!Array.isArray(value)
) {
const keys = Object.keys(value);
if (!isSorted(keys)) {
return sortObject(value, keys);
}
}
return value;
},
2
),
callback
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(this.inputFileSystem).readFile(
/** @type {string} */
(this.recordsInputPath),
(err, content) => {
if (err) return callback(err);
try {
this.records =
/** @type {Records} */
(parseJson(/** @type {Buffer} */ (content).toString("utf8")));
} catch (parseErr) {
return callback(
new Error(
`Cannot parse records: ${
/** @type {Error} */ (parseErr).message
}`
)
);
}
return callback(null);
}
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env[key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? process.env[key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(file, (err, content) => {
if (err) reject(err);
else resolve(/** @type {Buffer} */ (content).toString() || "");
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env[key] !== undefined
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? process.env[key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.fs.readFile(path, (err, content) => {
if (err) return callback(err);
try {
const context = dirname(this.fs, path);
const source = /** @type {Buffer} */ (content).toString();
const [imports] = lexer.parse(source);
/** @type {Set<string>} */
const added = new Set();
for (const imp of imports) {
try {
// import.meta
if (imp.d === -2) {
continue;
}
/** @type {string | null} */
const dependency =
imp.n ||
parseString(source.slice(imp.s, imp.e).trim());
if (!dependency) {
continue;
}
// We should not track Node.js build dependencies
if (dependency.startsWith("node:")) continue;
if (builtinModules.has(dependency)) continue;
// Avoid extra jobs for identical imports
if (added.has(dependency)) continue;
push({
type: RBDT_RESOLVE_ESM_FILE,
context,
path: dependency,
expected: imp.d > -1 ? false : undefined,
issuer: job
});
added.add(dependency);
} catch (err1) {
logger.warn(
`Parsing of ${path} for build dependencies failed at 'import(${source.slice(
imp.s,
imp.e
)})'.\n` +
"Build dependencies behind this expression are ignored and might cause incorrect cache invalidation."
);
logger.debug(pathToString(job));
logger.debug(/** @type {Error} */ (err1).stack);
}
}
} catch (err2) {
logger.warn(
`Parsing of ${path} for build dependencies failed and all dependencies of this file are ignored, which might cause incorrect cache invalidation..`
);
logger.debug(pathToString(job));
logger.debug(/** @type {Error} */ (err2).stack);
}
process.nextTick(callback);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.fs.readFile(packageJson, (err, content) => {
if (err) {
if (err.code === "ENOENT") {
resolveMissing.add(packageJson);
const parent = dirname(this.fs, packagePath);
if (parent !== packagePath) {
push({
type: RBDT_DIRECTORY_DEPENDENCIES,
context: undefined,
path: parent,
expected: undefined,
issuer: job
});
}
callback();
return;
}
return callback(err);
}
resolveFiles.add(packageJson);
/** @type {JsonObject} */
let packageData;
try {
packageData = JSON.parse(
/** @type {Buffer} */
(content).toString("utf8")
);
} catch (parseErr) {
return callback(/** @type {Error} */ (parseErr));
}
const depsObject = packageData.dependencies;
const optionalDepsObject = packageData.optionalDependencies;
/** @type {Set<string>} */
const allDeps = new Set();
/** @type {Set<string>} */
const optionalDeps = new Set();
if (typeof depsObject === "object" && depsObject) {
for (const dep of Object.keys(depsObject)) {
allDeps.add(dep);
}
}
if (
typeof optionalDepsObject === "object" &&
optionalDepsObject
) {
for (const dep of Object.keys(optionalDepsObject)) {
allDeps.add(dep);
optionalDeps.add(dep);
}
}
for (const dep of allDeps) {
push({
type: RBDT_RESOLVE_DIRECTORY,
context: packagePath,
path: dep,
expected: !optionalDeps.has(dep),
issuer: job
});
}
callback();
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.fs.readFile(path, (err, content) => {
if (err) {
if (err.code === "EISDIR") {
this._fileHashes.set(path, "directory");
return callback(null, "directory");
}
if (err.code === "ENOENT") {
this._fileHashes.set(path, null);
return callback(null, null);
}
if (err.code === "ERR_FS_FILE_TOO_LARGE") {
/** @type {Logger} */
(this.logger).warn(`Ignoring ${path} for hashing as it's very large`);
this._fileHashes.set(path, "too large");
return callback(null, "too large");
}
return callback(/** @type {WebpackError} */ (err));
}
const hash = createHash(this._hashFunction);
hash.update(/** @type {string | Buffer} */ (content));
const digest = hash.digest("hex");
this._fileHashes.set(path, digest);
callback(null, digest);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.fs.readFile(packageJsonPath, (err, content) => {
if (err) {
if (err.code === "ENOENT" || err.code === "ENOTDIR") {
// no package.json or path is not a directory
this.fs.readdir(path, (err, elements) => {
if (
!err &&
/** @type {string[]} */ (elements).length === 1 &&
/** @type {string[]} */ (elements)[0] === "node_modules"
) {
// This is only a grouping folder e.g. used by yarn
// we are only interested in existence of this special directory
this._managedItems.set(path, "*nested");
return callback(null, "*nested");
}
/** @type {Logger} */
(this.logger).warn(
`Managed item ${path} isn't a directory or doesn't contain a package.json (see snapshot.managedPaths option)`
);
return callback();
});
return;
}
return callback(/** @type {WebpackError} */ (err));
}
/** @type {JsonObject} */
let data;
try {
data = JSON.parse(/** @type {Buffer} */ (content).toString("utf8"));
} catch (parseErr) {
return callback(/** @type {WebpackError} */ (parseErr));
}
if (!data.name) {
/** @type {Logger} */
(this.logger).warn(
`${packageJsonPath} doesn't contain a "name" property (see snapshot.managedPaths option)`
);
return callback();
}
const info = `${data.name || ""}@${data.version || ""}`;
this._managedItems.set(path, info);
callback(null, info);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require("fs");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const packageInfo = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(infrastructureLogging.stream).isTTY && process.env.TERM !== "dumb";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(compiler.inputFileSystem).readFile(manifest, (err, result) => {
if (err) return callback(err);
/** @type {CompilationDataItem} */
const data = {
path: manifest,
data: undefined,
error: undefined
};
// Catch errors parsing the manifest so that blank
// or malformed manifest files don't kill the process.
try {
data.data =
/** @type {DllReferencePluginOptionsManifest} */
(
/** @type {unknown} */
(parseJson(/** @type {Buffer} */ (result).toString("utf8")))
);
} catch (parseErr) {
// Store the error in the params so that it can
// be added as a compilation error later on.
const manifestPath = makePathsRelative(
compiler.context,
manifest,
compiler.root
);
data.error = new DllManifestError(
manifestPath,
/** @type {Error} */ (parseErr).message
);
}
compilationData.set(params, data);
return callback();
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
intermediateFileSystem.writeFile(targetPath, buffer, callback);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(this.options.path, (err, buffer) => {
if (err) {
if (err.code !== "ENOENT") {
return callback(err);
}
return callback();
}
/** @type {JSONContent} */
const json = JSON.parse(/** @type {Buffer} */ (buffer).toString());
/** @type {Map<string, string | number | null>} */
data = new Map();
for (const key of Object.keys(json)) {
data.set(key, json[key]);
}
dataChanged = false;
return callback();
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFile(this.options.path, JSON.stringify(json), callback);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
loaderContext.fs.readFile(resourcePath, (err, result) => {
if (err) return callback(err);
loaderContext.addDependency(resourcePath);
callback(null, result);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.options.proxy || process.env.http_proxy || process.env.HTTP_PROXY;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
intermediateFs.readFile(lockfileLocation, (err, buffer) => {
if (err && err.code !== "ENOENT") {
compilation.missingDependencies.add(lockfileLocation);
return callback(err);
}
compilation.fileDependencies.add(lockfileLocation);
compilation.fileSystemInfo.createSnapshot(
compiler.fsStartTime,
buffer ? [lockfileLocation] : [],
[],
buffer ? [] : [lockfileLocation],
{ timestamp: true },
(err, s) => {
if (err) return callback(err);
const lockfile = buffer
? Lockfile.parse(buffer.toString("utf8"))
: new Lockfile();
lockfileCache = {
lockfile,
snapshot: /** @type {Snapshot} */ (s)
};
callback(null, lockfile);
}
);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
intermediateFs.writeFile(filePath, result.content, (err) => {
if (err) return callback(err);
callback(null, result);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(filePath, (err, result) => {
if (err) {
if (err.code === "ENOENT") return doFetch();
return callback(err);
}
const content = /** @type {Buffer} */ (result);
/**
* Continue with cached content.
* @param {Buffer | undefined} _result result
* @returns {void}
*/
const continueWithCachedContent = (_result) => {
if (!upgrade) {
// When not in upgrade mode, we accept the result from the lockfile cache
return callback(null, { entry, content });
}
return doFetch(content);
};
if (!verifyIntegrity(content, entry.integrity)) {
/** @type {Buffer | undefined} */
let contentWithChangedEol;
let isEolChanged = false;
try {
contentWithChangedEol = Buffer.from(
content.toString("utf8").replace(/\r\n/g, "\n")
);
isEolChanged = verifyIntegrity(
contentWithChangedEol,
entry.integrity
);
} catch (_err) {
// ignore
}
if (isEolChanged) {
if (!warnedAboutEol) {
const explainer = `Incorrect end of line sequence was detected in the lockfile cache.
The lockfile cache is protected by integrity checks, so any external modification will lead to a corrupted lockfile cache.
When using git make sure to configure .gitattributes correctly for the lockfile cache:
**/*webpack.lock.data/** -text
This will avoid that the end of line sequence is changed by git on Windows.`;
if (frozen) {
logger.error(explainer);
} else {
logger.warn(explainer);
logger.info(
"Lockfile cache will be automatically fixed now, but when lockfile is frozen this would result in an error."
);
}
warnedAboutEol = true;
}
if (!frozen) {
// "fix" the end of line sequence of the lockfile content
logger.log(
`${filePath} fixed end of line sequence (\\r\\n instead of \\n).`
);
intermediateFs.writeFile(
filePath,
/** @type {Buffer} */
(contentWithChangedEol),
(err) => {
if (err) return callback(err);
continueWithCachedContent(
/** @type {Buffer} */
(contentWithChangedEol)
);
}
);
return;
}
}
if (frozen) {
return callback(
new Error(
`${
entry.resolved
} integrity mismatch, expected content with integrity ${
entry.integrity
} but got ${computeIntegrity(content)}.
Lockfile corrupted (${
isEolChanged
? "end of line sequence was unexpectedly changed"
: "incorrectly merged? changed by other tools?"
}).
Run build with un-frozen lockfile to automatically fix lockfile.`
)
);
}
// "fix" the lockfile entry to the correct integrity
// the content has priority over the integrity value
entry = {
...entry,
integrity: computeIntegrity(content)
};
storeLockEntry(lockfile, url, entry);
}
continueWithCachedContent(result);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
intermediateFs.writeFile(
filePath,
/** @type {Buffer} */
(contentWithChangedEol),
(err) => {
if (err) return callback(err);
continueWithCachedContent(
/** @type {Buffer} */
(contentWithChangedEol)
);
}
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
intermediateFs.readFile(lockfileLocation, (err, buffer) => {
if (err && err.code !== "ENOENT") {
writeDone();
return callback(err);
}
const lockfile = buffer
? Lockfile.parse(buffer.toString("utf8"))
: new Lockfile();
for (const [key, value] of /** @type {LockfileUpdates} */ (
lockfileUpdates
)) {
lockfile.entries.set(key, value);
}
intermediateFs.writeFile(
tempFile,
lockfile.toString(),
(err) => {
if (err) {
writeDone();
return (
/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
(intermediateFs.unlink)(tempFile, () => callback(err))
);
}
intermediateFs.rename(tempFile, lockfileLocation, (err) => {
if (err) {
writeDone();
return (
/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
(intermediateFs.unlink)(tempFile, () => callback(err))
);
}
writeDone();
callback();
});
}
);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
intermediateFs.writeFile(
tempFile,
lockfile.toString(),
(err) => {
if (err) {
writeDone();
return (
/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
(intermediateFs.unlink)(tempFile, () => callback(err))
);
}
intermediateFs.rename(tempFile, lockfileLocation, (err) => {
if (err) {
writeDone();
return (
/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
(intermediateFs.unlink)(tempFile, () => callback(err))
);
}
writeDone();
callback();
});
}
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.readFile(p, (err, buf) => {
if (err) return callback(err);
/** @type {JsonObject} */
let data;
try {
data = JSON.parse(/** @type {Buffer} */ (buf).toString("utf8"));
} catch (err1) {
return callback(/** @type {Error} */ (err1));
}
return callback(null, data);
});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
webpack-cli
npm dependency · 14 low-confidence finding(s)
if (!process.env.WEBPACK_CLI_SKIP_IMPORT_LOCAL && require("import-local")(__filename)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.WEBPACK_CLI_START_FINISH_FORCE_LOG) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const WEBPACK_PACKAGE_IS_CUSTOM = Boolean(process.env.WEBPACK_PACKAGE);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? process.env.WEBPACK_PACKAGE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const WEBPACK_DEV_SERVER_PACKAGE_IS_CUSTOM = Boolean(process.env.WEBPACK_DEV_SERVER_PACKAGE);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? process.env.WEBPACK_DEV_SERVER_PACKAGE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
helpWidth: typeof process.env.WEBPACK_CLI_HELP_WIDTH !== "undefined"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? Number.parseInt(process.env.WEBPACK_CLI_HELP_WIDTH, 10)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = await node_fs_1.default.promises.readFile(configFilePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(process.env.NODE_ENV === "development" ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NODE_ENV === "production" ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NODE_ENV === "none")) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
configuration.mode = process.env.NODE_ENV;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NODE_ENV = options.configNodeEnv;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
yorkie
npm dependency · 17 low-confidence finding(s)
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(path.join(dir, filePath), data)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.readFileSync(path.join(dir, filePath), 'utf-8')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (isCI && !process.env.HUSKY_IGNORE_CI && !process.env.YORKIE_IGNORE_CI) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.HUSKY_SKIP_INSTALL || process.env.YORKIE_SKIP_INSTALL) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
`env variable HUSKY_SKIP_INSTALL is set to ${process.env
.HUSKY_SKIP_INSTALL}, skipping Git hooks installation`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(filename, data)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pkg = fs.readFileSync(path.join(cwd, 'package.json'))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const gitFileData = fs.readFileSync(gitDir, 'utf-8')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const home = normalize(process.env.HOME)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.readFileSync(filename, 'utf-8')
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- @eslint/config-array prod — dist-only: no readable source
- @eslint/config-helpers prod — dist-only: no readable source
- @eslint/core prod — dist-only: no readable source
- @eslint/plugin-kit prod — dist-only: no readable source
- @humanwhocodes/retry prod — dist-only: no readable source
- file-entry-cache prod — dist-only: no readable source
- minimatch prod — dist-only: no readable source
- eslint-plugin-regexp prod — dist-only: no readable source
Development
- @arethetypeswrong/cli dev — dist-only: no readable source
- @cypress/webpack-preprocessor dev — dist-only: no readable source
- @eslint/json dev — dist-only: no readable source
- @typescript-eslint/parser dev — dist-only: no readable source
- eslint-plugin-eslint-plugin dev — dist-only: no readable source
- glob dev — dist-only: no readable source
- got dev — dist-only: no readable source