Close Open Privacy Scan
App Privacy Score
High risk · 1132 finding(s)
Dependency score: 22 (High risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz Confirmed data exfiltration in application code
External domains:
169.254.170.2accounts.google.comaccounts.spotify.comaccounts.x.aiai-gateway.vercel.shai-sdk.devaiplatform.googleapis.comanoma.lyapi.anthropic.comapi.cerebras.aiapi.cloudflare.comapi.cohere.comapi.deepinfra.comapi.deepseek.comapi.digitalocean.comapi.emailoctopus.comapi.fireworks.aiapi.github.comapi.githubcopilot.comapi.groq.comapi.honeycomb.ioapi.kilo.aiapi.llmgateway.ioapi.login.yahoo.comapi.meuprovedor.comapi.minudbyder.dkapi.miproveedor.comapi.mistral.aiapi.mojdostawca.comapi.mojprovajder.comapi.monfournisseur.comapi.myprovider.comapi.openai.comapi.opencode.aiapi.perplexity.aiapi.releases.hashicorp.comapi.saglayicim.comapi.together.xyzapi.v0.devapi.venice.aiapi.x.aiapi.x.comapp.opencode.aiappleid.apple.comapplink.feishu.cnauth.openai.comauth.x.aibedrock-agent-runtime.us-west-2.amazonaws.combedrock-mantle.us-east-1.api.awsbedrock-runtime.us-east-1.amazonaws.combit.lychatgpt.comcloud.digitalocean.comcloud.gitlab.comcommunity.chocolatey.orgcompany.ghe.comconsole.opencode.aidashboard.stripe.comdashscope-intl.aliyuncs.comdev.opencode.aidevelopers.cloudflare.comdiscord.comdiscord.ggdocs.cloud.google.comdocs.github.comdocs.solidjs.comdownload-cdn.jetbrains.comemail.us-east-1.amazonaws.comenterprise.opencode.aifonts.googleapis.comformulae.brew.shgateway.ai.cloudflare.comgenerativelanguage.googleapis.comgithub.comgitlab.comgoogle.aip.devgraph.facebook.comgraph.microsoft.comid.twitch.tvinference.baseten.coinference.do-ai.runintegrate.api.nvidia.comjson-schema.orglogin.microsoftonline.commcp.exa.aimodels.devoauth.id.jumpcloud.comoauth2.googleapis.comopenauth.js.orgopencode.aiopencode.internalopencode.localopenrouter.aiopncd.aiorm.drizzle.teamplacehold.coraw.githubusercontent.comregistry.npmjs.orgs3-fips.dualstacks3-fips.dualstack.us-east-1s3-fips.us-east-1s3.amazonaws.coms3.dualstacks3.dualstack.us-east-1s3express-control-fips.dualstacks3express-control.dualstackschema.orgsearch.parallel.aislack.comsocial-cards.sst.devsolidjs.comsst.devstripe.comsupabase.comtoken.actions.githubusercontent.comtools.google.comtwitter.comus.i.posthog.comvercel.comvercel.linkvia.placeholder.comwww.allaboutcookies.orgwww.allaboutdnt.comwww.eclipse.orgwww.facebook.comwww.google.comwww.googleapis.comwww.sitemaps.orgwww.terminal.shopwww.typescriptlang.orgwww.w3.orgwww.youtube.comx.comzenmux.ai
repo/script/github/close-issues.ts:7 → repo/script/github/close-issues.ts:45repo/script/github/close-issues.ts:7 → repo/script/github/close-issues.ts:52repo/script/github/close-issues.ts:7 → repo/script/github/close-issues.ts:67repo/packages/core/src/session/compaction.ts:176 → repo/packages/core/src/session/compaction.ts:197repo/packages/opencode/src/plugin/xai.ts:149 → repo/packages/opencode/src/plugin/xai.ts:149repo/packages/opencode/src/plugin/xai.ts:168 → repo/packages/opencode/src/plugin/xai.ts:168repo/packages/opencode/src/plugin/xai.ts:251 → repo/packages/opencode/src/plugin/xai.ts:251repo/packages/stats/app/src/routes/api/newsletter.ts:20 → repo/packages/stats/app/src/routes/api/newsletter.ts:17repo/packages/console/app/src/component/email-signup.tsx:13 → repo/packages/console/app/src/component/email-signup.tsx:10repo/packages/console/app/src/lib/salesforce.ts:63 → repo/packages/console/app/src/lib/salesforce.ts:54repo/packages/console/app/src/routes/api/enterprise.ts:42 → repo/packages/console/app/src/routes/api/enterprise.ts:39repo/.opencode/tool/github-pr-search.ts:7 → repo/.opencode/tool/github-pr-search.ts:4repo/.opencode/tool/github-triage.ts:26 → repo/.opencode/tool/github-triage.ts:23repo/script/github/close-issues.ts:7 → repo/script/github/close-issues.ts:75repo/script/github/close-issues.ts:7 → repo/script/github/close-issues.ts:82repo/script/github/close-issues.ts:7 → repo/script/github/close-issues.ts:87repo/packages/slack/src/index.ts:12 → repo/packages/slack/src/index.ts:12repo/packages/slack/src/index.ts:13 → repo/packages/slack/src/index.ts:13repo/packages/slack/src/index.ts:14 → repo/packages/slack/src/index.ts:14repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → repo/packages/opencode/src/cli/cmd/github.handler.ts:483repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → repo/packages/opencode/src/cli/cmd/github.handler.ts:791repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → repo/packages/opencode/src/cli/cmd/github.handler.ts:1169repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → repo/packages/opencode/src/cli/cmd/github.handler.ts:1583repo/packages/opencode/src/session/llm/native-runtime.ts:92 → repo/packages/opencode/src/session/llm/native-runtime.ts:90repo/packages/console/app/src/lib/salesforce.ts:57 → repo/packages/console/app/src/lib/salesforce.ts:54repo/packages/console/function/src/auth.ts:114 → repo/packages/console/function/src/auth.ts:112repo/packages/console/function/src/auth.ts:121 → repo/packages/console/function/src/auth.ts:119repo/packages/console/function/src/log-processor.ts:72 → repo/packages/console/function/src/log-processor.ts:68hub Dependency data flows (12)
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:145 → pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:26 → pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:56 → pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:15 → pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:34pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:244 → pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:34 → pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:74 → pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:243 → pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 → pkgs/npm/@[email protected]/src/provider/oauth2.ts:193pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:19 → pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:95pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18 → pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16</> First-Party Code
first-party (npm): packages/opencode
npm first-party const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
method: "POST",
headers: authHeaders(),
body: new URLSearchParams({
grant_type: "authorization_code",
code,
redirect_uri: REDIRECT_URI,
client_id: CLIENT_ID,
code_verifier: pkce.verifier,
}).toString(),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
method: "POST",
headers: authHeaders(),
body: new URLSearchParams({
grant_type: "refresh_token",
refresh_token: refreshToken,
client_id: CLIENT_ID,
}).toString(),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
method: "POST",
headers: authHeaders(),
body: new URLSearchParams({
grant_type: DEVICE_CODE_GRANT_TYPE,
client_id: CLIENT_ID,
device_code: device.device_code,
}).toString(),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const out = yield* Snapshot.Service.use((svc) => svc.track())
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
octoGraph = graphql.defaults({
headers: { authorization: `token ${appToken}` },
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const res = await fetch(url, {
headers: {
Authorization: `Bearer ${appToken}`,
Accept: "application/vnd.github.v3+json",
},
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
console.log(` permission: ${permission}`)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
await fetch("https://api.github.com/installation/token", {
method: "DELETE",
headers: {
Authorization: `Bearer ${appToken}`,
Accept: "application/vnd.github+json",
"X-GitHub-Api-Version": "2022-11-28",
},
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
return scope.track(
attention.soundboard.registerPack({
...pack,
sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
}),
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
return scope.track(mode.push(value))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
return scope.track(api.route.register(list))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
return scope.track(api.event.on(type, handler))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
scope.track(host.register({ ...plugin, id }))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
const request = LLMNative.request({
model: input.model,
apiKey: current.apiKey,
baseURL: current.baseURL,
messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
toolChoice: input.toolChoice,
temperature: input.temperature,
topP: input.topP,
topK: input.topK,
maxOutputTokens: input.maxOutputTokens,
providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const initialSnapshot = yield* snapshot.track()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
const completedSnapshot = yield* snapshot.track()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
return yield* InstanceState.useEffect(state, (s) => s.track())
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 209 low-confidence finding(s)
const fs = require("fs")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envPath = process.env.OPENCODE_BIN_PATH
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
export const modelsData = process.env.MODELS_DEV_API_JSON
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? await Bun.file(process.env.MODELS_DEV_API_JSON).text()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const token = process.env.GITHUB_TOKEN
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
value: process.env.OPENAI_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
HttpClientRequest.post(`${row.url}/auth/device/token`).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.post(`${normalizedServer}/auth/device/code`).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.post(`${input.server}/auth/device/token`).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENCODE_AUTH_CONTENT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_CLIENT = "acp"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const termProgram = process.env.TERM_PROGRAM
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const variant = process.env["VARIANT"] || undefined
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const githubToken = process.env["GITHUB_TOKEN"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["MODEL"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["GITHUB_RUN_ID"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["SHARE"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["USE_GITHUB_TOKEN"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["OIDC_BASE_URL"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const customPrompt = process.env["PROMPT"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const mentions = (process.env["MENTIONS"] || "/opencode,/oc")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fetch("https://api.github.com/installation/token", {
method: "DELETE",
headers: {
Authorization: `Bearer ${appToken}`,
Accept: "application/vnd.github+json",
"X-GitHub-Api-Version": "2022-11-28",
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if (process.env[envVar]) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const root = Filesystem.resolve(process.env.PWD ?? process.cwd())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.OPENCODE_DIRECT_TRACE) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
latest(),
text({
time: new Date().toISOString(),
pid: process.pid,
cwd: process.cwd(),
argv: process.argv.slice(2),
path: target,
}) + "\n",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const shell = path.basename(process.env.SHELL || "bash")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fsNode from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { existsSync } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENCODE_CONFIG_CONTENT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { existsSync } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return (input.env?.[varName] ?? process.env[varName]) || ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(
DEV_DATA_TEMP_FILE,
JSON.stringify(
{
port,
id,
env,
},
null,
2,
),
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
HttpClientRequest.post(route(url, "/sync/history"), {
headers: new Headers(headers),
body: HttpBody.jsonUnsafe(state),
}),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
HttpClientRequest.post(route(target.url, "/vcs/apply"), {
headers: new Headers(target.headers),
body: HttpBody.jsonUnsafe({ patch: sourcePatch }),
}),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.post(route(target.url, "/sync/replay"), {
headers: new Headers(target.headers),
body: HttpBody.jsonUnsafe({
directory: space.directory ?? "",
events,
}),
}),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.post(route(target.url, "/sync/steal"), {
headers: new Headers(target.headers),
body: HttpBody.jsonUnsafe({ sessionID: input.sessionID }),
}),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if (process.env["TERM_PROGRAM"] === "vscode") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const v = process.env["GIT_ASKPASS"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_PURE = "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AGENT = "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE = "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_PID = String(process.pid)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.get(
"https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.get(
"https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
process.env.DOTNET_CLI_HOME ?? os.homedir(),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.VSCODE_EXTENSIONS,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const download = await fetch(releaseURL)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return client.request({ method: "tools/list", params }, TolerantListToolsResultSchema, { timeout })
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if (!process.env.AZURE_RESOURCE_NAME) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
...(!process.env.CLOUDFLARE_ACCOUNT_ID
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
...(!process.env.CLOUDFLARE_GATEWAY_ID
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const res = await fetch(`${DO_GENAI_API}/models/routers`, {
headers: {
Authorization: `Bearer ${bearer}`,
Accept: "application/json",
"User-Agent": `opencode/${InstallationVersion}`,
},
signal: AbortSignal.timeout(10_000),
}).catch(() => undefined)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch(`${ISSUER}/oauth/token`, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
grant_type: "authorization_code",
code,
redirect_uri: redirectUri,
client_id: CLIENT_ID,
code_verifier: pkce.verifier,
}).toString(),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
method: "POST",
headers: {
"Content-Type": "application/json",
"User-Agent": `opencode/${InstallationVersion}`,
},
body: JSON.stringify({ client_id: CLIENT_ID }),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
method: "POST",
headers: {
"Content-Type": "application/json",
"User-Agent": `opencode/${InstallationVersion}`,
},
body: JSON.stringify({
device_auth_id: deviceData.device_auth_id,
user_code: deviceData.user_code,
}),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({
grant_type: "authorization_code",
code: data.authorization_code,
redirect_uri: `${ISSUER}/deviceauth/callback`,
client_id: CLIENT_ID,
code_verifier: data.code_verifier,
}).toString(),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AICORE_SERVICE_KEY = auth.key
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const deploymentId = process.env.AICORE_DEPLOYMENT_ID
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const resourceGroup = process.env.AICORE_RESOURCE_GROUP
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
HttpApiEndpoint.patch("update", root, {
query: WorkspaceRoutingQuery,
payload: ConfigV1.Info,
success: described(ConfigV1.Info, "Successfully updated config"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("moveSession", `${root}/move-session`, {
payload: MoveSessionPayload,
success: described(HttpApiSchema.NoContent, "Session moved"),
error: ApiMoveSessionError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.put("authSet", ControlPaths.auth, {
params: AuthParams,
payload: Auth.Info,
success: described(Schema.Boolean, "Successfully set authentication credentials"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("log", ControlPaths.log, {
query: LogQuery,
payload: LogInput,
success: described(Schema.Boolean, "Log entry written successfully"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("consoleSwitch", ExperimentalPaths.consoleSwitch, {
query: WorkspaceRoutingQuery,
payload: ConsoleSwitchPayload,
success: described(Schema.Boolean, "Switch success"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("worktreeCreate", ExperimentalPaths.worktree, {
disableCodecs: true,
query: WorkspaceRoutingQuery,
payload: [HttpApiSchema.NoContent, Worktree.CreateInput],
success: described(Worktree.Info, "Worktree created"),
error: WorktreeApiError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("worktreeReset", ExperimentalPaths.worktreeReset, {
query: WorkspaceRoutingQuery,
payload: Worktree.ResetInput,
success: described(Schema.Boolean, "Worktree reset"),
error: WorktreeApiError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("sessionBackground", ExperimentalPaths.sessionBackground, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Backgrounded subagents"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.patch("configUpdate", GlobalPaths.config, {
payload: ConfigV1.Info,
success: described(ConfigV1.Info, "Successfully updated global config"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("dispose", GlobalPaths.dispose, {
success: described(Schema.Boolean, "Global disposed"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("upgrade", GlobalPaths.upgrade, {
payload: [HttpApiSchema.NoContent, GlobalUpgradeInput],
success: described(GlobalUpgradeResult, "Upgrade result"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("dispose", InstancePaths.dispose, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Instance disposed"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("vcsApply", InstancePaths.vcsApply, {
query: WorkspaceRoutingQuery,
payload: Vcs.ApplyInput,
success: described(Vcs.ApplyResult, "VCS patch applied"),
error: ApiVcsApplyError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("add", McpPaths.status, {
query: WorkspaceRoutingQuery,
payload: AddPayload,
success: described(StatusMap, "MCP server added successfully"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("authStart", McpPaths.auth, {
params: { name: Schema.String },
query: WorkspaceRoutingQuery,
success: described(AuthStartResponse, "OAuth flow started"),
error: [UnsupportedOAuthError, McpServerNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("authCallback", McpPaths.authCallback, {
params: { name: Schema.String },
query: WorkspaceRoutingQuery,
payload: AuthCallbackPayload,
success: described(MCP.Status, "OAuth authentication completed"),
error: [HttpApiError.BadRequest, McpServerNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("authAuthenticate", McpPaths.authAuthenticate, {
params: { name: Schema.String },
query: WorkspaceRoutingQuery,
success: described(MCP.Status, "OAuth authentication completed"),
error: [UnsupportedOAuthError, McpServerNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("connect", McpPaths.connect, {
params: { name: Schema.String },
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "MCP server connected successfully"),
error: McpServerNotFoundError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("disconnect", McpPaths.disconnect, {
params: { name: Schema.String },
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "MCP server disconnected successfully"),
error: McpServerNotFoundError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("reply", `${root}/:requestID/reply`, {
params: { requestID: PermissionV1.ID },
query: WorkspaceRoutingQuery,
payload: ReplyPayload,
success: described(Schema.Boolean, "Permission processed successfully"),
error: [HttpApiError.BadRequest, PermissionNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("generateName", "/experimental/project/:projectID/copy/generate-name", {
params: { projectID: ProjectV2.ID },
query: WorkspaceRoutingQuery,
payload: GenerateNamePayload,
success: Schema.Struct({ name: Schema.String }),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("initGit", `${root}/git/init`, {
query: WorkspaceRoutingQuery,
success: described(Project.Info, "Project information after git initialization"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.patch("update", `${root}/:projectID`, {
params: { projectID: ProjectV2.ID },
query: WorkspaceRoutingQuery,
payload: UpdatePayload,
success: described(Project.Info, "Updated project information"),
error: [HttpApiError.BadRequest, ProjectNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("authorize", `${root}/:providerID/oauth/authorize`, {
params: { providerID: ProviderV2.ID },
query: WorkspaceRoutingQuery,
payload: ProviderAuth.AuthorizeInput,
success: described(Schema.UndefinedOr(ProviderAuth.Authorization), "Authorization URL and method"),
error: ProviderAuthApiError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("callback", `${root}/:providerID/oauth/callback`, {
params: { providerID: ProviderV2.ID },
query: WorkspaceRoutingQuery,
payload: ProviderAuth.CallbackInput,
success: described(Schema.Boolean, "OAuth callback processed successfully"),
error: ProviderAuthApiError,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("create", PtyPaths.create, {
query: WorkspaceRoutingQuery,
payload: Pty.CreateInput,
success: described(Pty.Info, "Created session"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.put("update", PtyPaths.update, {
params: { ptyID: PtyID },
query: WorkspaceRoutingQuery,
payload: Pty.UpdateInput,
success: described(Pty.Info, "Updated session"),
error: [PtyNotFoundError, HttpApiError.BadRequest],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("connectToken", PtyPaths.connectToken, {
params: { ptyID: PtyID },
query: WorkspaceRoutingQuery,
success: described(PtyTicket.ConnectToken, "WebSocket connect token"),
error: [PtyForbiddenError, PtyNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("reply", `${root}/:requestID/reply`, {
params: { requestID: QuestionID },
query: WorkspaceRoutingQuery,
payload: ReplyPayload,
success: described(Schema.Boolean, "Question answered successfully"),
error: [HttpApiError.BadRequest, QuestionNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("reject", `${root}/:requestID/reject`, {
params: { requestID: QuestionID },
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Question rejected successfully"),
error: [HttpApiError.BadRequest, QuestionNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("create", SessionPaths.create, {
query: WorkspaceRoutingQuery,
payload: [HttpApiSchema.NoContent, Session.CreateInput],
success: described(Session.Info, "Successfully created session"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.patch("update", SessionPaths.update, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: UpdatePayload,
success: described(Session.Info, "Successfully updated session"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("fork", SessionPaths.fork, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: [HttpApiSchema.NoContent, ForkPayload],
success: described(Session.Info, "200"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("abort", SessionPaths.abort, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Aborted session"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("init", SessionPaths.init, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: InitPayload,
success: described(Schema.Boolean, "200"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("share", SessionPaths.share, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
success: described(Session.Info, "Successfully shared session"),
error: [HttpApiError.InternalServerError, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("summarize", SessionPaths.summarize, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: SummarizePayload,
success: described(Schema.Boolean, "Summarized session"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("prompt", SessionPaths.prompt, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: PromptPayload,
success: described(SessionV1.WithParts, "Created message"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("promptAsync", SessionPaths.promptAsync, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: PromptPayload,
success: described(HttpApiSchema.NoContent, "Prompt accepted"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("command", SessionPaths.command, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: CommandPayload,
success: described(SessionV1.WithParts, "Created message"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("shell", SessionPaths.shell, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: ShellPayload,
success: described(SessionV1.WithParts, "Created message"),
error: [HttpApiError.BadRequest, ApiNotFoundError, SessionBusyError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("revert", SessionPaths.revert, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
payload: RevertPayload,
success: described(Session.Info, "Updated session"),
error: [HttpApiError.BadRequest, ApiNotFoundError, SessionBusyError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("unrevert", SessionPaths.unrevert, {
params: { sessionID: SessionID },
query: WorkspaceRoutingQuery,
success: described(Session.Info, "Updated session"),
error: [HttpApiError.BadRequest, ApiNotFoundError, SessionBusyError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("permissionRespond", SessionPaths.permissions, {
params: { sessionID: SessionID, permissionID: PermissionV1.ID },
query: WorkspaceRoutingQuery,
payload: PermissionResponsePayload,
success: described(Schema.Boolean, "Permission processed successfully"),
error: [HttpApiError.BadRequest, ApiNotFoundError, PermissionNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.patch("updatePart", SessionPaths.updatePart, {
params: { sessionID: SessionID, messageID: MessageID, partID: PartID },
query: WorkspaceRoutingQuery,
payload: SessionV1.Part,
success: described(SessionV1.Part, "Successfully updated part"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("start", SyncPaths.start, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Workspace sync started"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("replay", SyncPaths.replay, {
query: WorkspaceRoutingQuery,
payload: ReplayPayload,
success: described(ReplayResponse, "Replayed sync events"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("steal", SyncPaths.steal, {
query: WorkspaceRoutingQuery,
payload: SessionPayload,
success: described(SessionPayload, "Session stolen into workspace"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("history", SyncPaths.history, {
query: WorkspaceRoutingQuery,
payload: HistoryPayload,
success: described(Schema.Array(HistoryEvent), "Sync events"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("appendPrompt", TuiPaths.appendPrompt, {
query: WorkspaceRoutingQuery,
payload: TuiEvent.PromptAppend.data,
success: described(Schema.Boolean, "Prompt processed successfully"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("openHelp", TuiPaths.openHelp, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Help dialog opened successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("openSessions", TuiPaths.openSessions, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Session dialog opened successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("openThemes", TuiPaths.openThemes, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Theme dialog opened successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("openModels", TuiPaths.openModels, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Model dialog opened successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("submitPrompt", TuiPaths.submitPrompt, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Prompt submitted successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("clearPrompt", TuiPaths.clearPrompt, {
query: WorkspaceRoutingQuery,
success: described(Schema.Boolean, "Prompt cleared successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("executeCommand", TuiPaths.executeCommand, {
query: WorkspaceRoutingQuery,
payload: CommandPayload,
success: described(Schema.Boolean, "Command executed successfully"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("showToast", TuiPaths.showToast, {
query: WorkspaceRoutingQuery,
payload: TuiEvent.ToastShow.data,
success: described(Schema.Boolean, "Toast notification shown successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("publish", TuiPaths.publish, {
query: WorkspaceRoutingQuery,
payload: TuiPublishPayload,
success: described(Schema.Boolean, "Event published successfully"),
error: HttpApiError.BadRequest,
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("selectSession", TuiPaths.selectSession, {
query: WorkspaceRoutingQuery,
payload: TuiEvent.SessionSelect.data,
success: described(Schema.Boolean, "Session selected successfully"),
error: [HttpApiError.BadRequest, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("controlResponse", TuiPaths.controlResponse, {
query: WorkspaceRoutingQuery,
payload: Schema.Unknown,
success: described(Schema.Boolean, "Response submitted successfully"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("create", WorkspacePaths.list, {
query: WorkspaceRoutingQuery,
payload: CreatePayload,
success: described(Workspace.Info, "Workspace created"),
error: [ApiWorkspaceCreateError, HttpApiError.BadRequest],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("syncList", WorkspacePaths.syncList, {
query: WorkspaceRoutingQuery,
success: described(HttpApiSchema.NoContent, "Workspace list synced"),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("warp", WorkspacePaths.warp, {
query: WorkspaceRoutingQuery,
payload: WarpPayload,
success: described(HttpApiSchema.NoContent, "Session warped"),
error: [ApiWorkspaceWarpError, ApiVcsApplyError, ApiNotFoundError],
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
export const UI_UPSTREAM = new URL("https://app.opencode.ai")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return fs.readFile(file).pipe(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const res = yield* HttpClientRequest.post(`${req.baseUrl}${req.api.sync(share.id)}`).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = yield* HttpClientRequest.post(`${req.baseUrl}${req.api.create}`).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = yield* Bom.readFile(afs, filePath)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = yield* Bom.readFile(afs, filePath).pipe(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = yield* Bom.readFile(afs, filePath)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
export const EXA_URL = process.env.EXA_API_KEY
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const request = yield* HttpClientRequest.post(url).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const bytes = yield* fs.readFile(filepath)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.platform !== "win32") return process.env[key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return name ? process.env[name] : undefined
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const override = process.env.OPENCODE_WEBSEARCH_PROVIDER
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.PARALLEL_API_KEY) return headers
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { createWriteStream, existsSync, statSync } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { realpathSync } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return readFile(p, "utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return JSON.parse(await readFile(p, "utf-8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return readFile(p)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const buf = await readFile(p)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(p, content, { mode })
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(p, content)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(p, content, { mode })
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(p, content)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/console/app
npm first-party const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
method: "PUT",
headers: {
Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
email_address: emailAddress,
}),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
method: "POST",
headers: {
Authorization: `Bearer ${auth.token}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
LastName: input.name,
Company: input.company?.trim() || "Website",
Email: input.email,
Phone: input.phone ?? null,
Title: input.role,
Description: input.message,
LeadSource: "Website",
}),
}).catch((err) => {
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
method: "PUT",
headers: {
Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
"Content-Type": "application/json",
},
body: JSON.stringify(payload),
}).then(
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
method: "POST",
headers: {
Authorization: `Bearer ${auth.token}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
LastName: input.name,
Company: input.company?.trim() || "Website",
Email: input.email,
Phone: input.phone ?? null,
Title: input.role,
Description: input.message,
LeadSource: "Website",
}),
}).catch((err) => {
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
await rateLimiter?.track()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await trialLimiter?.track(usageInfo)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await rateLimiter?.track()
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await trialLimiter?.track(usageInfo)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await modelTpsLimiter?.track(
providerInfo.id,
providerInfo.model,
providerInfo.tpsGoal,
timestampFirstByte,
timestampLastByte,
usageInfo,
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
await providerBudgetTracker?.track(
providerInfo.id,
providerInfo.budgetPriority,
costInfo.totalCostInCent,
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 6 low-confidence finding(s)
import { readdir, writeFile } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(outputPath, xml, "utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
method: "PUT",
headers: {
Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
email_address: emailAddress,
}),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
headers: {
Accept: "application/vnd.github.v3+json",
"User-Agent": "OpenCode-Console",
},
cf: {
// best-effort edge caching (ignored outside Cloudflare)
cacheTtl: 60 * 5,
cacheEverything: true,
},
} as RequestInit).catch(() => undefined)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
method: "PUT",
headers: {
Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
"Content-Type": "application/json",
},
body: JSON.stringify(payload),
}).then(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch(
"https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm)
npm first-party const comment = await fetch(`${base}/comments`, {
method: "POST",
headers,
body: JSON.stringify({ body: msg }),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const patch = await fetch(base, {
method: "PATCH",
headers,
body: JSON.stringify({ state: "closed", state_reason: "not_planned" }),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const res = await fetch(
`https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`,
{ headers },
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const response = await fetch(`https://api.github.com${endpoint}`, {
...options,
headers: {
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
Accept: "application/vnd.github+json",
"Content-Type": "application/json",
...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
},
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const response = await fetch(`https://api.github.com${endpoint}`, {
...options,
headers: {
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
Accept: "application/vnd.github+json",
"Content-Type": "application/json",
...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
},
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
console.log(`Fetched page ${page} ${all.length} issues`)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
console.log(`Skipping stale issue #${i.number}; author ${i.user?.login ?? "unknown"} is exempt`)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
console.log(`\nFound fresh issue #${i.number}, stopping`)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
expand_more 38 low-confidence finding(s)
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const issue = parseInt(process.env.ISSUE_NUMBER ?? "", 10)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["MODEL"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const runId = process.env["GITHUB_RUN_ID"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["AGENT"] || undefined
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env["SHARE"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
mockEvent: process.env["MOCK_EVENT"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
mockToken: process.env["MOCK_TOKEN"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["TOKEN"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
method: "POST",
headers: {
Authorization: `Bearer ${useEnvMock().mockToken}`,
},
body: JSON.stringify({ owner: repo.owner, repo: repo.repo }),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
response = await fetch("https://api.opencode.ai/exchange_github_app_token", {
method: "POST",
headers: {
Authorization: `Bearer ${oidcToken}`,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
await fetch("https://api.github.com/installation/token", {
method: "DELETE",
headers: {
Authorization: `Bearer ${accessToken}`,
Accept: "application/vnd.github+json",
"X-GitHub-Api-Version": "2022-11-28",
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
new sst.Secret("CLOUDFLARE_DEFAULT_ACCOUNT_ID", process.env.CLOUDFLARE_DEFAULT_ACCOUNT_ID!),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
new sst.Secret("CLOUDFLARE_API_TOKEN", process.env.CLOUDFLARE_API_TOKEN!),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const reg = process.env.REGISTRY ?? "ghcr.io/anomalyco"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const tag = process.env.TAG ?? "24.04"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const push = process.argv.includes("--push") || process.env.PUSH === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.GITHUB_ACTIONS !== "true") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { rm } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const token = process.env.GITHUB_TOKEN
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await $`gh release edit ${tag} --draft=false --repo ${process.env.GH_REPO}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const repo = process.env.GH_REPO ?? "anomalyco/opencode"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const key = process.env["POSTHOG_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
distinct_id: "download",
api_key: key,
event,
properties: {
...properties,
},
}),
}).catch(() => null)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const sha = process.env.GITHUB_SHA ?? (await $`git rev-parse HEAD`.text()).trim()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const dir = process.env.RUNNER_TEMP ?? "/tmp"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await $`gh release create v${Script.version} -d --title "v${Script.version}" --repo ${process.env.GH_REPO}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await $`gh release view v${Script.version} --json tagName,databaseId --repo ${process.env.GH_REPO}`.json()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
output.push(`repo=${process.env.GH_REPO}`)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.GITHUB_OUTPUT) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await Bun.write(process.env.GITHUB_OUTPUT, output.join("\n"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
profile: process.env.GITHUB_ACTIONS
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.STRIPE_SECRET_KEY!,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/core
npm first-party LLM.request({
model: input.model,
messages: [Message.user(summaryPrompt)],
tools: [],
generation: { maxTokens: summaryOutput },
}),
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
expand_more 96 low-confidence finding(s)
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const current = yield* fs
.readFile(input.target.canonical)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: fs.writeFile(input.target.canonical, input.content, { flag: "wx" })
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const current = yield* fs.readFile(input.target.canonical)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: fs.writeFile(input.target.canonical, input.content)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content: yield* fs.readFile(target.real).pipe(Effect.orDie),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env[key]?.toLowerCase()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fff = process.env["OPENCODE_DISABLE_FFF"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_DB: process.env["OPENCODE_DB"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["OPENCODE_TUI_CONFIG"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["OPENCODE_CONFIG_DIR"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["OPENCODE_PERMISSION"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["OPENCODE_PLUGIN_META_FILE"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env["OPENCODE_CLIENT"] ?? "cli"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { realpathSync } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import * as NFS from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.OPENCODE_TEST_HOME ?? os.homedir()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.flatMap((method) => method.names.filter((name) => process.env[name]))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const key = process.env[connection.name]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env.OTEL_RESOURCE_ATTRIBUTES
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AWS_BEARER_TOKEN_BEDROCK ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GOOGLE_VERTEX_PROJECT ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GOOGLE_CLOUD_PROJECT ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GCP_PROJECT ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GCLOUD_PROJECT
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GOOGLE_VERTEX_LOCATION ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GOOGLE_CLOUD_LOCATION ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.VERTEX_LOCATION ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GOOGLE_CLOUD_PROJECT ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GCP_PROJECT ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GCLOUD_PROJECT
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.GOOGLE_CLOUD_LOCATION ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.VERTEX_LOCATION ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fetch(`${issuer}/api/accounts/deviceauth/token`, {
method: "POST",
headers: headers("application/json"),
body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
signal,
}),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return HttpClientRequest.post(url).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
process.env.AICORE_SERVICE_KEY ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.SNOWFLAKE_CORTEX_TOKEN ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.SNOWFLAKE_CORTEX_PAT ??
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { readFile } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { statSync } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
[which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const text = await readFile("/etc/shells", "utf8").catch(() => "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
defaultPreferred ??= select(process.env.SHELL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = yield* fs.readFile(target.canonical)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? process.env.OPENCODE_WEBSEARCH_PROVIDER
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
exaApiKey: process.env.EXA_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
parallelApiKey: process.env.PARALLEL_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const url = new URL(EXA_URL)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const request = yield* HttpClientRequest.post(url).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/stats/app
npm first-party const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
method: "PUT",
headers: {
Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
email_address: emailAddress.trim(),
}),
})
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
expand_more 1 low-confidence finding(s)
const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
method: "PUT",
headers: {
Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
email_address: emailAddress.trim(),
}),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/app
npm first-partyimport * as Sentry from "@sentry/solid"
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
import * as Sentry from "@sentry/solid"
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
import * as Sentry from "@sentry/solid"
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
import { sentryVitePlugin } from "@sentry/vite-plugin"
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 69 low-confidence finding(s)
runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLAYWRIGHT_SERVER_PORT = String(port)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const minimal = process.env.TIMELINE_MINIMAL === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const port = Number(process.env.PLAYWRIGHT_TIMELINE_SUSPENSE_PORT ?? 4317)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(tracePath, JSON.stringify(trace, null, 2))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(
issuesPath,
JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const reuse = !process.env.CI
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
forbidOnly: !!process.env.CI,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
retries: process.env.CI ? 2 : 0,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
describe.skipIf(!!process.env.CI)("i18n parity", () => {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
authToken: process.env.SENTRY_AUTH_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
org: process.env.SENTRY_ORG,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
project: process.env.SENTRY_PROJECT,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const raw = process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENCODE_CHANNEL === "latest") return "prod"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
`<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/console/function
npm first-party const emails = (await fetch("https://api.github.com/user/emails", {
headers: {
Authorization: `Bearer ${response.tokenset.access}`,
"User-Agent": "opencode",
Accept: "application/vnd.github+json",
},
}).then((x) => x.json())) as any
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const user = (await fetch("https://api.github.com/user", {
headers: {
Authorization: `Bearer ${response.tokenset.access}`,
"User-Agent": "opencode",
Accept: "application/vnd.github+json",
},
}).then((x) => x.json())) as any
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
fetch(lakeIngest.url, {
method: "POST",
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${lakeIngest.secret}`,
},
body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
}),
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
expand_more 3 low-confidence finding(s)
const emails = (await fetch("https://api.github.com/user/emails", {
headers: {
Authorization: `Bearer ${response.tokenset.access}`,
"User-Agent": "opencode",
Accept: "application/vnd.github+json",
},
}).then((x) => x.json())) as any
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const user = (await fetch("https://api.github.com/user", {
headers: {
Authorization: `Bearer ${response.tokenset.access}`,
"User-Agent": "opencode",
Accept: "application/vnd.github+json",
},
}).then((x) => x.json())) as any
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
fetch("https://api.honeycomb.io/1/batch/zen", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
},
body: JSON.stringify(events),
}),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/slack
npm first-partyconsole.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
expand_more 6 low-confidence finding(s)
token: process.env.SLACK_BOT_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
signingSecret: process.env.SLACK_SIGNING_SECRET,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
appToken: process.env.SLACK_APP_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/desktop
npm first-partyimport { sentryVitePlugin } from "@sentry/vite-plugin"
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
import * as Sentry from "@sentry/solid"
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 65 low-confidence finding(s)
const previous = process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_CHANNEL = channel.channel
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (previous === undefined) delete process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
else process.env.OPENCODE_CHANNEL = previous
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const previous = process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_CHANNEL = "prod"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (previous === undefined) delete process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
else process.env.OPENCODE_CHANNEL = previous
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.GITHUB_ACTIONS !== "true") return
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const raw = process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const raw = process.env.OPENCODE_CHANNEL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENCODE_CHANNEL === "latest") return "prod"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
authToken: process.env.SENTRY_AUTH_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
org: process.env.SENTRY_ORG,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
project: process.env.SENTRY_PROJECT,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const repo = process.env.GH_REPO
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const releaseId = process.env.OPENCODE_RELEASE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const version = process.env.OPENCODE_VERSION
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const dir = process.env.LATEST_YML_DIR
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
headers: {
Authorization: `token ${token}`,
Accept: "application/vnd.github+json",
},
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const res = await fetch(asset?.url ?? url, {
headers: {
Authorization: `token ${token}`,
...(asset ? { Accept: "application/octet-stream" } : {}),
},
})
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const tmp = process.env.RUNNER_TEMP ?? "/tmp"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const tmp = process.env.RUNNER_TEMP ?? "/tmp"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const dir = process.env.LATEST_YML_DIR!
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const repo = process.env.GH_REPO
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const version = process.env.OPENCODE_VERSION
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const tmp = process.env.RUNNER_TEMP ?? "/tmp"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const home = process.env.HOME
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(path, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(file, "lorem ipsum")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(file, "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const items = (process.env[key] ?? "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env[key] = items.join(",")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_DB = ":memory:"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.XDG_DATA_HOME = join(root, "data")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.XDG_CONFIG_HOME = join(root, "config")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.XDG_CACHE_HOME = join(root, "cache")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.XDG_STATE_HOME = join(root, "state")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fromEnv = process.env.OPENCODE_PORT
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const contents = readFileSync(path, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const data = entry.data ?? readFileSync(entry.path!)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeFileSync(output, Buffer.from(await zip.arrayBuffer()))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
data = JSON.parse(readFileSync(datPath, "utf-8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return resolveUserShell(process.env.SHELL, userInfo().shell)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return resolveUserShell(process.env.SHELL, undefined)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const items = (process.env[key] ?? "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env[key] = items.join(",")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(join(root, name), value)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const raw = await readFile(file, "utf8").catch(() => undefined)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const devUrl = process.env.ELECTRON_RENDERER_URL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const devUrl = process.env.ELECTRON_RENDERER_URL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const root = process.env.SystemRoot ?? process.env.windir
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/session-ui
npm first-party if (bridge.track(event.buttons, hit.line)) return
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 1 low-confidence finding(s)
void input.readFile(input.path).then(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/cli
npm first-partyexpand_more 8 low-confidence finding(s)
const fs = require("fs")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envPath = process.env.OPENCODE_BIN_PATH
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { rm } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
export const modelsData = process.env.MODELS_DEV_API_JSON
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
? await Bun.file(process.env.MODELS_DEV_API_JSON).text()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/enterprise
npm first-partyexpand_more 2 low-confidence finding(s)
const target = process.env.OPENCODE_DEPLOYMENT_TARGET
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseURL: process.env.OPENCODE_BASE_URL,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/function
npm first-partyexpand_more 1 low-confidence finding(s)
const JWKS = createRemoteJWKSet(new URL(JWKS_URL))
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/http-recorder
npm first-partyexpand_more 4 low-confidence finding(s)
await writeFile(
path.join(directory, "package.json"),
JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(
path.join(directory, "consumer.ts"),
`import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"
const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(
path.join(directory, "tsconfig.json"),
JSON.stringify({
compilerOptions: {
target: "ES2022",
module: "NodeNext",
moduleResolution: "NodeNext",
strict: true,
noEmit: true,
// Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
skipLibCheck: true,
lib: ["ES2022", "DOM", "ESNext.Disposable"],
},
include: ["consumer.ts"],
}),
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env.CI
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/llm
npm first-partyexpand_more 4 low-confidence finding(s)
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if (process.env[name]) return "shell"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
HttpClientRequest.post(input.url).pipe(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/protocol
npm first-partyexpand_more 23 low-confidence finding(s)
HttpApiEndpoint.patch("credential.update", "/api/credential/:credentialID", {
params: { credentialID: Credential.ID },
query: LocationQuery,
payload: Schema.Struct({ label: Schema.String }),
success: HttpApiSchema.NoContent,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("integration.connect.key", "/api/integration/:integrationID/connect/key", {
params: { integrationID: Integration.ID },
query: LocationQuery,
payload: Schema.Struct({
key: Schema.String,
label: Schema.optional(Schema.String),
}),
success: HttpApiSchema.NoContent,
error: InvalidRequestError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("integration.connect.oauth", "/api/integration/:integrationID/connect/oauth", {
params: { integrationID: Integration.ID },
query: LocationQuery,
payload: Schema.Struct({
methodID: Integration.MethodID,
inputs: Inputs,
label: Schema.optional(Schema.String),
}),
success: Location.response(Integration.Attempt),
error: InvalidRequestError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("integration.attempt.complete", "/api/integration/attempt/:attemptID/complete", {
params: { attemptID: Integration.AttemptID },
query: LocationQuery,
payload: Schema.Struct({ code: Schema.optional(Schema.String) }),
success: HttpApiSchema.NoContent,
error: InvalidRequestError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.permission.create", "/api/session/:sessionID/permission", {
params: { sessionID: Session.ID },
payload: Schema.Struct({
id: Permission.ID.pipe(Schema.optional),
action: Permission.Request.fields.action,
resources: Permission.Request.fields.resources,
save: Permission.Request.fields.save,
metadata: Permission.Request.fields.metadata,
source: Permission.Request.fields.source,
agent: Agent.ID.pipe(Schema.optional),
}),
success: Schema.Struct({
data: Schema.Struct({ id: Permission.ID, effect: Permission.Effect }),
}),
error: SessionNotFoundError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.permission.reply", "/api/session/:sessionID/permission/:requestID/reply", {
params: { sessionID: Session.ID, requestID: Permission.ID },
payload: Schema.Struct({
reply: Permission.Reply,
message: Schema.String.pipe(Schema.optional),
}),
success: HttpApiSchema.NoContent,
error: [SessionNotFoundError, PermissionNotFoundError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("projectCopy.create", root, {
params: { projectID: Project.ID },
query: LocationQuery,
payload: CreatePayload,
success: ProjectCopy.Copy,
error: ProjectCopyError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("projectCopy.refresh", `${root}/refresh`, {
params: { projectID: Project.ID },
query: LocationQuery,
success: HttpApiSchema.NoContent,
error: ProjectCopyError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("pty.create", "/api/pty", {
query: LocationQuery,
payload: Pty.CreateInput,
success: Location.response(Pty.Info),
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.put("pty.update", "/api/pty/:ptyID", {
params: { ptyID: Pty.ID },
query: LocationQuery,
payload: Pty.UpdateInput,
success: Location.response(Pty.Info),
error: PtyNotFoundError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("pty.connectToken", "/api/pty/:ptyID/connect-token", {
params: { ptyID: Pty.ID },
query: LocationQuery,
success: Location.response(PtyTicket.ConnectToken),
error: [ForbiddenError, PtyNotFoundError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.question.reply", "/api/session/:sessionID/question/:requestID/reply", {
params: { sessionID: Session.ID, requestID: Question.ID },
payload: Question.Reply,
success: HttpApiSchema.NoContent,
error: [SessionNotFoundError, QuestionNotFoundError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.question.reject", "/api/session/:sessionID/question/:requestID/reject", {
params: { sessionID: Session.ID, requestID: Question.ID },
success: HttpApiSchema.NoContent,
error: [SessionNotFoundError, QuestionNotFoundError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.create", "/api/session", {
payload: Schema.Struct({
id: Session.ID.pipe(Schema.optional),
agent: Agent.ID.pipe(Schema.optional),
model: Model.Ref.pipe(Schema.optional),
location: Location.Ref.pipe(Schema.optional),
}),
success: Schema.Struct({ data: Session.Info }),
}).annotateMerge(
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.switchAgent", "/api/session/:sessionID/agent", {
params: { sessionID: Session.ID },
payload: Schema.Struct({ agent: Agent.ID }),
success: HttpApiSchema.NoContent,
error: SessionNotFoundError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.switchModel", "/api/session/:sessionID/model", {
params: { sessionID: Session.ID },
payload: Schema.Struct({ model: Model.Ref }),
success: HttpApiSchema.NoContent,
error: SessionNotFoundError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.prompt", "/api/session/:sessionID/prompt", {
params: { sessionID: Session.ID },
payload: Schema.Struct({
id: SessionMessage.ID.pipe(Schema.optional),
prompt: PromptInput.Prompt,
delivery: SessionInput.Delivery.pipe(Schema.optional),
resume: Schema.Boolean.pipe(Schema.optional),
}),
success: Schema.Struct({ data: SessionInput.Admitted }),
error: [ConflictError, SessionNotFoundError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.compact", "/api/session/:sessionID/compact", {
params: { sessionID: Session.ID },
success: HttpApiSchema.NoContent,
error: [SessionNotFoundError, ServiceUnavailableError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.wait", "/api/session/:sessionID/wait", {
params: { sessionID: Session.ID },
success: HttpApiSchema.NoContent,
error: [SessionNotFoundError, ServiceUnavailableError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.revert.stage", "/api/session/:sessionID/revert/stage", {
params: { sessionID: Session.ID },
payload: Schema.Struct({ messageID: SessionMessage.ID, files: Schema.Boolean.pipe(Schema.optional) }),
success: Schema.Struct({ data: Revert.State }),
error: [MessageNotFoundError, SessionNotFoundError, UnknownError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.revert.clear", "/api/session/:sessionID/revert/clear", {
params: { sessionID: Session.ID },
success: HttpApiSchema.NoContent,
error: [SessionNotFoundError, UnknownError],
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.revert.commit", "/api/session/:sessionID/revert/commit", {
params: { sessionID: Session.ID },
success: HttpApiSchema.NoContent,
error: SessionNotFoundError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
HttpApiEndpoint.post("session.interrupt", "/api/session/:sessionID/interrupt", {
params: { sessionID: Session.ID },
success: HttpApiSchema.NoContent,
error: SessionNotFoundError,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/script
npm first-partyexpand_more 5 low-confidence finding(s)
OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_BUMP: process.env["OPENCODE_BUMP"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_VERSION: process.env["OPENCODE_VERSION"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/sdk/js
npm first-partyexpand_more 126 low-confidence finding(s)
return (options?.client ?? this._client).post<PtyCreateResponses, PtyCreateErrors, ThrowOnError>({
url: "/pty",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).put<PtyUpdateResponses, PtyUpdateErrors, ThrowOnError>({
url: "/pty/{id}",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).patch<ConfigUpdateResponses, ConfigUpdateErrors, ThrowOnError>({
url: "/config",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<InstanceDisposeResponses, unknown, ThrowOnError>({
url: "/instance/dispose",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<SessionCreateResponses, SessionCreateErrors, ThrowOnError>({
url: "/session",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).patch<SessionUpdateResponses, SessionUpdateErrors, ThrowOnError>({
url: "/session/{id}",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionInitResponses, SessionInitErrors, ThrowOnError>({
url: "/session/{id}/init",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionForkResponses, unknown, ThrowOnError>({
url: "/session/{id}/fork",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionAbortResponses, SessionAbortErrors, ThrowOnError>({
url: "/session/{id}/abort",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionShareResponses, SessionShareErrors, ThrowOnError>({
url: "/session/{id}/share",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionSummarizeResponses, SessionSummarizeErrors, ThrowOnError>({
url: "/session/{id}/summarize",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionPromptResponses, SessionPromptErrors, ThrowOnError>({
url: "/session/{id}/message",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionPromptAsyncResponses, SessionPromptAsyncErrors, ThrowOnError>({
url: "/session/{id}/prompt_async",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionCommandResponses, SessionCommandErrors, ThrowOnError>({
url: "/session/{id}/command",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionShellResponses, SessionShellErrors, ThrowOnError>({
url: "/session/{id}/shell",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionRevertResponses, SessionRevertErrors, ThrowOnError>({
url: "/session/{id}/revert",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<SessionUnrevertResponses, SessionUnrevertErrors, ThrowOnError>({
url: "/session/{id}/unrevert",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<
ProviderOauthAuthorizeResponses,
ProviderOauthAuthorizeErrors,
ThrowOnError
>({
url: "/provider/{id}/oauth/authorize",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<
ProviderOauthCallbackResponses,
ProviderOauthCallbackErrors,
ThrowOnError
>({
url: "/provider/{id}/oauth/callback",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<AppLogResponses, AppLogErrors, ThrowOnError>({
url: "/log",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<McpAuthStartResponses, McpAuthStartErrors, ThrowOnError>({
url: "/mcp/{name}/auth",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<McpAuthCallbackResponses, McpAuthCallbackErrors, ThrowOnError>({
url: "/mcp/{name}/auth/callback",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<McpAuthAuthenticateResponses, McpAuthAuthenticateErrors, ThrowOnError>(
{
url: "/mcp/{name}/auth/authenticate",
...options,
},
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).put<AuthSetResponses, AuthSetErrors, ThrowOnError>({
url: "/auth/{id}",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<McpAddResponses, McpAddErrors, ThrowOnError>({
url: "/mcp",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<McpConnectResponses, unknown, ThrowOnError>({
url: "/mcp/{name}/connect",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<McpDisconnectResponses, unknown, ThrowOnError>({
url: "/mcp/{name}/disconnect",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiControlResponseResponses, unknown, ThrowOnError>({
url: "/tui/control/response",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiAppendPromptResponses, TuiAppendPromptErrors, ThrowOnError>({
url: "/tui/append-prompt",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiOpenHelpResponses, unknown, ThrowOnError>({
url: "/tui/open-help",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiOpenSessionsResponses, unknown, ThrowOnError>({
url: "/tui/open-sessions",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiOpenThemesResponses, unknown, ThrowOnError>({
url: "/tui/open-themes",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiOpenModelsResponses, unknown, ThrowOnError>({
url: "/tui/open-models",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiSubmitPromptResponses, unknown, ThrowOnError>({
url: "/tui/submit-prompt",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiClearPromptResponses, unknown, ThrowOnError>({
url: "/tui/clear-prompt",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiExecuteCommandResponses, TuiExecuteCommandErrors, ThrowOnError>({
url: "/tui/execute-command",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiShowToastResponses, unknown, ThrowOnError>({
url: "/tui/show-toast",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this._client).post<TuiPublishResponses, TuiPublishErrors, ThrowOnError>({
url: "/tui/publish",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options.client ?? this._client).post<
PostSessionIdPermissionsPermissionIdResponses,
PostSessionIdPermissionsPermissionIdErrors,
ThrowOnError
>({
url: "/session/{id}/permissions/{permissionID}",
...options,
headers: {
"Content-Type": "application/json",
...options.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).put<AuthSetResponses, AuthSetErrors, ThrowOnError>({
url: "/auth/{providerID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<AppLogResponses, AppLogErrors, ThrowOnError>({
url: "/log",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ExperimentalControlPlaneMoveSessionResponses,
ExperimentalControlPlaneMoveSessionErrors,
ThrowOnError
>({
url: "/experimental/control-plane/move-session",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<ExperimentalConsoleSwitchOrgResponses, unknown, ThrowOnError>({
url: "/experimental/console/switch",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ExperimentalSessionBackgroundResponses,
ExperimentalSessionBackgroundErrors,
ThrowOnError
>({
url: "/experimental/session/{sessionID}/background",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ExperimentalProjectCopyGenerateNameResponses,
ExperimentalProjectCopyGenerateNameErrors,
ThrowOnError
>({
url: "/experimental/project/{projectID}/copy/generate-name",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ExperimentalWorkspaceCreateResponses,
ExperimentalWorkspaceCreateErrors,
ThrowOnError
>({
url: "/experimental/workspace",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ExperimentalWorkspaceSyncListResponses,
ExperimentalWorkspaceSyncListErrors,
ThrowOnError
>({
url: "/experimental/workspace/sync-list",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ExperimentalWorkspaceWarpResponses,
ExperimentalWorkspaceWarpErrors,
ThrowOnError
>({
url: "/experimental/workspace/warp",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).patch<GlobalConfigUpdateResponses, GlobalConfigUpdateErrors, ThrowOnError>({
url: "/global/config",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<GlobalDisposeResponses, GlobalDisposeErrors, ThrowOnError>({
url: "/global/dispose",
...options,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<GlobalUpgradeResponses, GlobalUpgradeErrors, ThrowOnError>({
url: "/global/upgrade",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).patch<ConfigUpdateResponses, ConfigUpdateErrors, ThrowOnError>({
url: "/config",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<WorktreeCreateResponses, WorktreeCreateErrors, ThrowOnError>({
url: "/experimental/worktree",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<WorktreeResetResponses, WorktreeResetErrors, ThrowOnError>({
url: "/experimental/worktree/reset",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<InstanceDisposeResponses, InstanceDisposeErrors, ThrowOnError>({
url: "/instance/dispose",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<VcsApplyResponses, VcsApplyErrors, ThrowOnError>({
url: "/vcs/apply",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<McpAuthStartResponses, McpAuthStartErrors, ThrowOnError>({
url: "/mcp/{name}/auth",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<McpAuthCallbackResponses, McpAuthCallbackErrors, ThrowOnError>({
url: "/mcp/{name}/auth/callback",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<McpAuthAuthenticateResponses, McpAuthAuthenticateErrors, ThrowOnError>(
{
url: "/mcp/{name}/auth/authenticate",
...options,
...params,
},
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<McpAddResponses, McpAddErrors, ThrowOnError>({
url: "/mcp",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<McpConnectResponses, McpConnectErrors, ThrowOnError>({
url: "/mcp/{name}/connect",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<McpDisconnectResponses, McpDisconnectErrors, ThrowOnError>({
url: "/mcp/{name}/disconnect",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<ProjectInitGitResponses, ProjectInitGitErrors, ThrowOnError>({
url: "/project/git/init",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).patch<ProjectUpdateResponses, ProjectUpdateErrors, ThrowOnError>({
url: "/project/{projectID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<PtyCreateResponses, PtyCreateErrors, ThrowOnError>({
url: "/pty",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).put<PtyUpdateResponses, PtyUpdateErrors, ThrowOnError>({
url: "/pty/{ptyID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<PtyConnectTokenResponses, PtyConnectTokenErrors, ThrowOnError>({
url: "/pty/{ptyID}/connect-token",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<QuestionReplyResponses, QuestionReplyErrors, ThrowOnError>({
url: "/question/{requestID}/reply",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<QuestionRejectResponses, QuestionRejectErrors, ThrowOnError>({
url: "/question/{requestID}/reject",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<PermissionReplyResponses, PermissionReplyErrors, ThrowOnError>({
url: "/permission/{requestID}/reply",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<PermissionRespondResponses, PermissionRespondErrors, ThrowOnError>({
url: "/session/{sessionID}/permissions/{permissionID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ProviderOauthAuthorizeResponses,
ProviderOauthAuthorizeErrors,
ThrowOnError
>({
url: "/provider/{providerID}/oauth/authorize",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
ProviderOauthCallbackResponses,
ProviderOauthCallbackErrors,
ThrowOnError
>({
url: "/provider/{providerID}/oauth/callback",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionCreateResponses, SessionCreateErrors, ThrowOnError>({
url: "/session",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).patch<SessionUpdateResponses, SessionUpdateErrors, ThrowOnError>({
url: "/session/{sessionID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionPromptResponses, SessionPromptErrors, ThrowOnError>({
url: "/session/{sessionID}/message",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionForkResponses, SessionForkErrors, ThrowOnError>({
url: "/session/{sessionID}/fork",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionAbortResponses, SessionAbortErrors, ThrowOnError>({
url: "/session/{sessionID}/abort",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionInitResponses, SessionInitErrors, ThrowOnError>({
url: "/session/{sessionID}/init",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionShareResponses, SessionShareErrors, ThrowOnError>({
url: "/session/{sessionID}/share",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionSummarizeResponses, SessionSummarizeErrors, ThrowOnError>({
url: "/session/{sessionID}/summarize",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionPromptAsyncResponses, SessionPromptAsyncErrors, ThrowOnError>({
url: "/session/{sessionID}/prompt_async",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionCommandResponses, SessionCommandErrors, ThrowOnError>({
url: "/session/{sessionID}/command",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionShellResponses, SessionShellErrors, ThrowOnError>({
url: "/session/{sessionID}/shell",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionRevertResponses, SessionRevertErrors, ThrowOnError>({
url: "/session/{sessionID}/revert",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SessionUnrevertResponses, SessionUnrevertErrors, ThrowOnError>({
url: "/session/{sessionID}/unrevert",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).patch<PartUpdateResponses, PartUpdateErrors, ThrowOnError>({
url: "/session/{sessionID}/message/{messageID}/part/{partID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SyncHistoryListResponses, SyncHistoryListErrors, ThrowOnError>({
url: "/sync/history",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SyncStartResponses, SyncStartErrors, ThrowOnError>({
url: "/sync/start",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SyncReplayResponses, SyncReplayErrors, ThrowOnError>({
url: "/sync/replay",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<SyncStealResponses, SyncStealErrors, ThrowOnError>({
url: "/sync/steal",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiControlResponseResponses, TuiControlResponseErrors, ThrowOnError>({
url: "/tui/control/response",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiAppendPromptResponses, TuiAppendPromptErrors, ThrowOnError>({
url: "/tui/append-prompt",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiOpenHelpResponses, TuiOpenHelpErrors, ThrowOnError>({
url: "/tui/open-help",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiOpenSessionsResponses, TuiOpenSessionsErrors, ThrowOnError>({
url: "/tui/open-sessions",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiOpenThemesResponses, TuiOpenThemesErrors, ThrowOnError>({
url: "/tui/open-themes",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiOpenModelsResponses, TuiOpenModelsErrors, ThrowOnError>({
url: "/tui/open-models",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiSubmitPromptResponses, TuiSubmitPromptErrors, ThrowOnError>({
url: "/tui/submit-prompt",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiClearPromptResponses, TuiClearPromptErrors, ThrowOnError>({
url: "/tui/clear-prompt",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiExecuteCommandResponses, TuiExecuteCommandErrors, ThrowOnError>({
url: "/tui/execute-command",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiShowToastResponses, TuiShowToastErrors, ThrowOnError>({
url: "/tui/show-toast",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiPublishResponses, TuiPublishErrors, ThrowOnError>({
url: "/tui/publish",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<TuiSelectSessionResponses, TuiSelectSessionErrors, ThrowOnError>({
url: "/tui/select-session",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionRevertStageResponses,
V2SessionRevertStageErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/revert/stage",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionRevertClearResponses,
V2SessionRevertClearErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/revert/clear",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionRevertCommitResponses,
V2SessionRevertCommitErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/revert/commit",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionPermissionCreateResponses,
V2SessionPermissionCreateErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/permission",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionPermissionReplyResponses,
V2SessionPermissionReplyErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/permission/{requestID}/reply",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionQuestionReplyResponses,
V2SessionQuestionReplyErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/question/{requestID}/reply",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionQuestionRejectResponses,
V2SessionQuestionRejectErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/question/{requestID}/reject",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2SessionCreateResponses, V2SessionCreateErrors, ThrowOnError>({
url: "/api/session",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionSwitchAgentResponses,
V2SessionSwitchAgentErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/agent",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2SessionSwitchModelResponses,
V2SessionSwitchModelErrors,
ThrowOnError
>({
url: "/api/session/{sessionID}/model",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2SessionPromptResponses, V2SessionPromptErrors, ThrowOnError>({
url: "/api/session/{sessionID}/prompt",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2SessionCompactResponses, V2SessionCompactErrors, ThrowOnError>({
url: "/api/session/{sessionID}/compact",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2SessionWaitResponses, V2SessionWaitErrors, ThrowOnError>({
url: "/api/session/{sessionID}/wait",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2SessionInterruptResponses, V2SessionInterruptErrors, ThrowOnError>({
url: "/api/session/{sessionID}/interrupt",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2IntegrationConnectKeyResponses,
V2IntegrationConnectKeyErrors,
ThrowOnError
>({
url: "/api/integration/{integrationID}/connect/key",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2IntegrationConnectOauthResponses,
V2IntegrationConnectOauthErrors,
ThrowOnError
>({
url: "/api/integration/{integrationID}/connect/oauth",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2IntegrationAttemptCompleteResponses,
V2IntegrationAttemptCompleteErrors,
ThrowOnError
>({
url: "/api/integration/attempt/{attemptID}/complete",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).patch<V2CredentialUpdateResponses, V2CredentialUpdateErrors, ThrowOnError>({
url: "/api/credential/{credentialID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2PtyCreateResponses, V2PtyCreateErrors, ThrowOnError>({
url: "/api/pty",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).put<V2PtyUpdateResponses, V2PtyUpdateErrors, ThrowOnError>({
url: "/api/pty/{ptyID}",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2PtyConnectTokenResponses, V2PtyConnectTokenErrors, ThrowOnError>({
url: "/api/pty/{ptyID}/connect-token",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<V2ProjectCopyCreateResponses, V2ProjectCopyCreateErrors, ThrowOnError>(
{
url: "/experimental/project/{projectID}/copy",
...options,
...params,
headers: {
"Content-Type": "application/json",
...options?.headers,
...params.headers,
},
},
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return (options?.client ?? this.client).post<
V2ProjectCopyRefreshResponses,
V2ProjectCopyRefreshErrors,
ThrowOnError
>({
url: "/experimental/project/{projectID}/copy/refresh",
...options,
...params,
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (npm): packages/server
npm first-partyexpand_more 2 low-confidence finding(s)
const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/stats/core
npm first-partyexpand_more 10 low-confidence finding(s)
return process.env.DATABASE_URL ?? Resource.StatsDatabase.url
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLANETSCALE_HOST &&
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLANETSCALE_USERNAME &&
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLANETSCALE_PASSWORD &&
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLANETSCALE_DATABASE
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PLANETSCALE_PASSWORD,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
)}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.DATABASE_URL ?? Resource.StatsDatabase.url
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/storybook
npm first-partyexpand_more 2 low-confidence finding(s)
const content = fs.readFileSync(abs, "utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(abs, applied.content, "utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/tui
npm first-partyexpand_more 27 low-confidence finding(s)
multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
displayServer: process.env.WAYLAND_DISPLAY
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: process.env.DISPLAY
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const task = readFile(file)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return { data: (await readFile(file)).toString("base64"), mime: "image/png" }
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
readText: (value) => readFile(value, "utf8"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readBytes: (value) => readFile(value),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.OPENCODE_ZED_DB,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const editor = process.env.VISUAL || process.env.EDITOR
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(file, input.value)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return (await readFile(file, "utf8")) || undefined
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(file, content)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { appendFile, mkdir, rename, rm } from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/ui
npm first-partyexpand_more 3 low-confidence finding(s)
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (npm): packages/web
npm first-partyexpand_more 1 low-confidence finding(s)
const stage = process.env.SST_STAGE || "dev"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
</> Dependencies
ai-gateway-provider
npm dependency const response = await fetch(rbac_url, {
body: JSON.stringify(body),
headers,
method: "PUT",
});
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
const response = await fetch(`${this.env.API_BASE_URL}/api/todos`, {
headers: {
// The Auth0 Access Token is available in props.tokenSet and can be used to call the Upstream API (Todos API).
Authorization: `Bearer ${this.props!.tokenSet.accessToken}`,
},
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const response = await fetch(`${this.env.API_BASE_URL}/api/billing`, {
headers: {
Authorization: `Bearer ${this.props!.tokenSet.accessToken}`,
},
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
console.log(JSON.stringify(object, null, 2));
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
return fetch(
`https://gateway.ai.cloudflare.com/v1/${config.accountId}/${config.gatewayId}`,
{
...init,
headers: {
"Content-Type": "application/json",
...headers,
...cacheHeaders,
...(config.cfApiKey
? { "cf-aig-authorization": `Bearer ${config.cfApiKey}` }
: {}),
},
body: JSON.stringify(request),
},
);
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const response = await fetch(`${WORKERS_AI_REST_BASE}/${config.accountId}/ai/run/${model}`, {
method: "POST",
headers: {
Authorization: `Bearer ${config.apiKey}`,
"Content-Type": "application/json",
},
body: JSON.stringify(body),
signal: options?.signal,
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const response = await fetch(`${WORKERS_AI_REST_BASE}/${config.accountId}/ai/run/${model}`, {
method: "POST",
headers: {
Authorization: `Bearer ${config.apiKey}`,
"Content-Type": contentType,
},
body: audioBytes,
signal: options?.signal,
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
const response = await fetch(url, {
method: "POST",
headers: {
Authorization: `Bearer ${config.apiKey}`,
"Content-Type": contentType,
},
body: audioBytes,
signal,
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
expand_more 19 low-confidence finding(s)
const response = await fetch("https://slack.com/api/oauth.v2.access", {
body: new URLSearchParams({
client_id: c.env.SLACK_CLIENT_ID,
client_secret: c.env.SLACK_CLIENT_SECRET,
code,
redirect_uri: new URL("/callback", c.req.url).href,
}).toString(),
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch("https://slack.com/api/oauth.v2.access", {
body: new URLSearchParams({
client_id: env.SLACK_CLIENT_ID,
client_secret: env.SLACK_CLIENT_SECRET,
grant_type: "refresh_token",
refresh_token,
}).toString(),
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
method: "POST",
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch(apiUrl, {
method: "GET",
headers: {
"Content-Type": "application/json",
Authorization: `Bearer ${token}`,
Accept: "application/vnd.github+json",
"User-Agent": "model-scraper",
"X-GitHub-Api-Version": "2022-11-28",
},
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const userResponse = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", {
headers: {
Authorization: `Bearer ${accessToken}`,
},
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const upstream = new URL("https://api.descope.com/oauth2/v1/apps/authorize");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const resp = await fetch("https://api.descope.com/oauth2/v1/apps/token", {
body: JSON.stringify({
code,
grant_type: "authorization_code",
redirect_uri,
}),
headers: {
Authorization: `Bearer ${project_id}:${management_key}`,
"Content-Type": "application/json",
},
method: "POST",
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const resp = await fetch("https://api.descope.com/oauth2/v1/apps/userinfo", {
headers: {
Authorization: `Bearer ${accessToken}`,
},
method: "GET",
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if (!process.env.CLOUDFLARE_API_TOKEN) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (!process.env.CLOUDFLARE_ACCOUNT_ID) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
accountId: process.env.CLOUDFLARE_ACCOUNT_ID,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.CLOUDFLARE_API_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cfg = Config.parse(JSON.parse(await fs.readFile(this.configPath, "utf8")));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(
this.configPath,
JSON.stringify(
Config.parse({
demos: this.demos,
} satisfies Config),
null,
2,
),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const templateContent = await fs.readFile(srcPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(destPath, compiledContent, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const templateContent = await fs.readFile(src, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(destPath, compiledContent, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fileContents = await fs.readFile(filePath, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(filePath, jsonData, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@openrouter/ai-sdk-provider
npm dependency console.log(reasoning);
PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.
Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.
const response = await fetch(url, {
headers: {
Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}`,
},
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
expand_more 120 low-confidence finding(s)
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pdfBlob = await fetch('https://bitcoin.org/bitcoin.pdf').then((res) =>
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { readFile } from 'fs/promises';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pdfBlob = await fetch('https://bitcoin.org/bitcoin.pdf').then((res) =>
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const metadataText = await readFile(metadataPath, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pdfBuffer = await readFile(pdfPath);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { writeFile } from 'fs/promises';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
data: new URL('https://bitcoin.org/bitcoin.pdf'),
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
await writeFile(
new URL('./output.ignore.json', import.meta.url),
JSON.stringify(messageHistory, null, 2),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeFile(
new URL(fileName ?? './output.ignore.json', baseUrl),
JSON.stringify(fileData, null, 2),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { writeFile } from 'fs/promises';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
apiKey: process.env.OPENROUTER_API_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(
new URL('./output.ignore.json', import.meta.url),
JSON.stringify(sources, null, 2),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
readFileSync(new URL('package.json', import.meta.url), 'utf8'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@openauthjs/openauth
npm dependency const json: any = await fetch(config.endpoint.token, {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
Accept: "application/json",
},
body: body.toString(),
}).then((r) => r.json())
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
expand_more 13 low-confidence finding(s)
const issuer = input.issuer || process.env.OPENAUTH_ISSUER
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENAUTH_STORAGE) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const parsed = JSON.parse(process.env.OPENAUTH_STORAGE)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
sessionToken: process.env.AWS_SESSION_TOKEN,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
region: process.env.AWS_REGION,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
region: process.env.AWS_REGION,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const file = readFileSync(input?.persist)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(input.persist, file)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ai
npm dependency const response = await fetch(this.api.token, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ sessionConfig: this.sessionConfig }),
});
A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.
Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.
@actions/core
npm dependencyexpand_more 15 low-confidence finding(s)
process.env[name] = convertedVal;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const filePath = process.env['GITHUB_ENV'] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const filePath = process.env['GITHUB_PATH'] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const filePath = process.env['GITHUB_OUTPUT'] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env['RUNNER_DEBUG'] === '1';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const filePath = process.env['GITHUB_STATE'] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env[`STATE_${name}`] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = __importStar(require("fs"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const filePath = process.env[`GITHUB_${command}`];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs_1 = require("fs");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@actions/github
npm dependencyexpand_more 21 low-confidence finding(s)
const fs_1 = require("fs");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.GITHUB_EVENT_PATH) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const path = process.env.GITHUB_EVENT_PATH;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.eventName = process.env.GITHUB_EVENT_NAME;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.sha = process.env.GITHUB_SHA;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.ref = process.env.GITHUB_REF;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.workflow = process.env.GITHUB_WORKFLOW;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.action = process.env.GITHUB_ACTION;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.actor = process.env.GITHUB_ACTOR;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.job = process.env.GITHUB_JOB;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.runAttempt = parseInt(process.env.GITHUB_RUN_ATTEMPT, 10);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.GITHUB_REPOSITORY) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env['GITHUB_API_URL'] || 'https://api.github.com';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@agentclientprotocol/sdk
npm dependencyexpand_more 11 low-confidence finding(s)
import * as fs from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const metadata = JSON.parse(await fs.readFile("./schema/meta.json", "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const schemaSrc = await fs.readFile("./schema/schema.json", "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.readFile("./schema/schema.json", "utf8"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const zodSrc = await fs.readFile(zodPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(zodPath, zod);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const tsSrc = await fs.readFile(tsPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(tsPath, ts);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const indexSrc = await fs.readFile(indexPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(
indexPath,
`${indexSrc.replace(/\s*ClientOptions,/, "")}\n${meta}`,
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(outputPath, response.body);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@ai-sdk/google-vertex
npm dependencyexpand_more 1 low-confidence finding(s)
const response = await fetch('https://oauth2.googleapis.com/token', {
method: 'POST',
headers: withUserAgentSuffix(
{ 'Content-Type': 'application/x-www-form-urlencoded' },
`ai-sdk/google-vertex/${VERSION}`,
getRuntimeEnvironmentUserAgent(),
),
body: new URLSearchParams({
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion: jwt,
}),
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
@ai-sdk/togetherai
npm dependencyexpand_more 2 low-confidence finding(s)
if (typeof process.env.TOGETHER_API_KEY === 'string') {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const key = process.env.TOGETHER_AI_API_KEY;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@aws-sdk/credential-providers
npm dependencyexpand_more 2 low-confidence finding(s)
return (0, fromTemporaryCredentials_base_1.fromTemporaryCredentials)(options, fromNodeProviderChain_1.fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => (0, config_1.loadConfig)({
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@clack/prompts
npm dependencyexpand_more 1 low-confidence finding(s)
export const isCI = (): boolean => process.env.CI === 'true';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@effect/opentelemetry
npm dependencyexpand_more 1 low-confidence finding(s)
const request = HttpClientRequest.post(options.url, { headers })
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
@effect/platform-node
npm dependencyexpand_more 2 low-confidence finding(s)
Https.request(url, {
agent: agent.https,
method: request.method,
headers: request.headers,
signal
}) :
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
Http.request(url, {
agent: agent.http,
method: request.method,
headers: request.headers,
signal
})
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
@ff-labs/fff-bun
npm dependencyexpand_more 2 low-confidence finding(s)
const nvimCache = process.env.XDG_CACHE_HOME || join(homedir(), ".cache", "nvim");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.XDG_DATA_HOME || join(homedir(), ".local", "share", "nvim");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@modelcontextprotocol/sdk
npm dependencyexpand_more 35 low-confidence finding(s)
await client.request({ method: 'resources/list' }, ListResourcesResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch(url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
writeFileSync(outputPath, fullContent, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env[key];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(request, CallToolResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(toolRequest, CallToolResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
return client
.request(request, CallToolResultSchema)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const DEFAULT_SERVER_URL = process.env.MCP_SERVER_URL || 'http://localhost:3000/mcp';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const clientId = process.env.MCP_CLIENT_ID;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const privateKeyPem = process.env.MCP_CLIENT_PRIVATE_KEY_PEM;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const algorithm = process.env.MCP_CLIENT_ALGORITHM || 'RS256';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const clientSecret = process.env.MCP_CLIENT_SECRET;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const result = await this.client.request(request, ListToolsResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await this.client.request(request, CallToolResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const resourcesResult = await client.request(
{
method: 'resources/list',
params: {}
},
ListResourcesResultSchema
);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(request, CallToolResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(request, CallToolResultSchema, {
resumptionToken: notificationsToolLastEventId,
onresumptiontoken: onLastEventIdUpdate
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const promptsResult = await client.request(promptsRequest, ListPromptsResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const promptResult = await client.request(promptRequest, GetPromptResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const resourcesResult = await client.request(resourcesRequest, ListResourcesResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(request, ReadResourceResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(
{
method: 'tools/call',
params: {
name: 'long-task',
arguments: {}
}
},
CallToolResultSchema,
{
// Track resumption tokens for debugging
onresumptiontoken: token => {
lastEventId = token;
console.log(`[Event ID] ${token}`);
}
}
);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const result = await client.request(request, CallToolResultSchema);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 3000;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 8000;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === 'true' || process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === '1';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@opentui/core
npm dependencyexpand_more 37 low-confidence finding(s)
fs.writeFileSync(filepath, content, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OTUI_USE_ALTERNATE_SCREEN !== undefined) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OTUI_OVERRIDE_STDOUT !== undefined) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const value = process.env[key];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFileNode(destinationPath, bytes, { mode: options?.mode });
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { existsSync as existsSync3, writeFileSync } from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envValue = process.env[config.name];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { existsSync as existsSync2 } from "fs";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const libc = process.env.OPENTUI_LIBC;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENTUI_LIBC === "musl") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.OPENTUI_LIBC === "musl") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeFileSync(logPath, msg + `
`, { flag: "a" });
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const bytes = await readFile(filePath).catch((err) => {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { mkdir, readFile, writeFile } from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cachedContent = await readFile(cacheFile);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(cacheFile, Buffer.from(content));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(source);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(targetPath, Buffer.from(content));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(source);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(targetPath, Buffer.from(content));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { readdir } from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const configContent = await readFile2(resolvedConfigPath, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile2(localPath, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile2(queryPath, combinedContent, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile2(outputPath, fileContent, "utf-8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { mkdir as mkdir3 } from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { mkdir, readFile, writeFile } from "fs/promises";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cachedContent = await readFile(cacheFile);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(cacheFile, Buffer.from(content));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(source);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(targetPath, Buffer.from(content));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(source);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(targetPath, Buffer.from(content));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFileNode(destinationPath, bytes, { mode: options?.mode });
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
contents = readFileSync(normalizedPath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@opentui/solid
npm dependencyexpand_more 2 low-confidence finding(s)
if (process.env.DEBUG) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.DEBUG) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@parcel/watcher
npm dependencyexpand_more 1 low-confidence finding(s)
if (process.env.npm_config_build_from_source === 'true') {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@pierre/diffs
npm dependencyexpand_more 1 low-confidence finding(s)
return process.env.NODE_ENV === 'development';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@silvia-odwyer/photon-node
npm dependencyexpand_more 1 low-confidence finding(s)
const bytes = require('fs').readFileSync(path);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
@standard-schema/spec
npm dependencyexpand_more 5 low-confidence finding(s)
const md = readFileSync(mdPath, "utf-8").split("<!-- start -->")[1];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.NODE_ENV === "development";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.CF_PAGES_BRANCH !== "main";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.CF_PAGES_BRANCH === "main";
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.CF_PAGES_URL!;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
chokidar
npm dependencyexpand_more 14 low-confidence finding(s)
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { Stats } from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { stat as statcb } from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { stat, readdir } from 'fs/promises';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envPoll = process.env.CHOKIDAR_USEPOLLING;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envInterval = process.env.CHOKIDAR_INTERVAL;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs_1 = require("fs");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import { Stats } from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs_1 = require("fs");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envPoll = process.env.CHOKIDAR_USEPOLLING;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envInterval = process.env.CHOKIDAR_INTERVAL;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
cross-spawn
npm dependencyexpand_more 2 low-confidence finding(s)
parsed.command = process.env.comspec || 'cmd.exe';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
drizzle-orm
npm dependencyexpand_more 4 low-confidence finding(s)
const journalAsString = import_node_fs.default.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const query = import_node_fs.default.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const journalAsString = fs.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const query = fs.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
gitlab-ai-provider
npm dependencyexpand_more 23 low-confidence finding(s)
config.aiGatewayUrl || process.env['GITLAB_AI_GATEWAY_URL'] || DEFAULT_AI_GATEWAY_URL;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import * as fs from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cacheHome = process.env.XDG_CACHE_HOME || path.join(os.homedir(), '.cache');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const raw = fs.readFileSync(this.filePath, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(tmpPath, JSON.stringify(data, null, 2), { mode: 0o600 });
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import * as fs from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const cacheHome = process.env.XDG_CACHE_HOME || path.join(os.homedir(), '.cache');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const raw = fs.readFileSync(filePath, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(filePath, JSON.stringify(data, null, 2), { mode: 0o600 });
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envClientId = process.env['GITLAB_OAUTH_CLIENT_ID'];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import * as fs from 'fs';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const xdgDataHome = process.env.XDG_DATA_HOME;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const authData = JSON.parse(fs.readFileSync(authPath, 'utf-8'));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const authData = JSON.parse(fs.readFileSync(authPath, 'utf-8'));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(authPath, JSON.stringify(authData, null, 2), { mode: 0o600 });
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const envApiKey = process.env[options.environmentVariableName];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const apiKey = process.env[options.environmentVariableName];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
options.instanceUrl ?? process.env['GITLAB_INSTANCE_URL'] ?? 'https://gitlab.com';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const apiKey = cachedApiKey || options.apiKey || process.env['GITLAB_TOKEN'] || '';
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(safePath, content, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content = fs.readFileSync(safePath, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(safePath, newString, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(safePath, newContent, 'utf-8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
gray-matter
npm dependencyexpand_more 2 low-confidence finding(s)
const fs = require('fs');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const str = fs.readFileSync(filepath, 'utf8');
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
immer
npm dependencyexpand_more 5 low-confidence finding(s)
if (process.env.NODE_ENV !== "production" && isNaN(parseInt(prop as any)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NODE_ENV !== "production" &&
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.NODE_ENV !== "production") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.NODE_ENV !== "production"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if (process.env.NODE_ENV !== "production") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
minimatch
npm dependencyexpand_more 1 low-confidence finding(s)
process.env.__MINIMATCH_TESTING_PLATFORM__) ||
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
open
npm dependencyexpand_more 2 low-confidence finding(s)
const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
: `${process.env.SYSTEMROOT || process.env.windir || 'C:\\Windows'}\\System32\\WindowsPowerShell\\v1.0\\powershell`;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
opentui-spinner
npm dependencyexpand_more 1 low-confidence finding(s)
writeFileSync(
absolutePath,
JSON.stringify(
{
meta: {
benchmarkVersion: BENCHMARK_VERSION,
timestamp: new Date().toISOString(),
args: process.argv.slice(2),
runtime: {
bun: Bun.version,
node: process.versions.node,
v8: process.versions.v8,
platform: process.platform,
arch: process.arch,
},
cpu: cpus()[0]?.model,
git: {
commit: git(["rev-parse", "HEAD"]),
branch: git(["branch", "--show-current"]),
dirty: Boolean(git(["status", "--porcelain"])),
},
correctnessChecksum,
},
results,
},
null,
2,
),
);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
remeda
npm dependencyexpand_more 5 low-confidence finding(s)
const beforePrettier = readFileSync(filePath, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
writeFileSync(filePath, afterPrettier);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(file, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await writeFile(file, withSymbols);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const content = await readFile(file, "utf8");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
typescript
npm dependencyexpand_more 1 low-confidence finding(s)
const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- @gitlab/opencode-gitlab-auth prod — dist-only: no readable source
- @opencode-ai/codemode prod — registry 404
- @opencode-ai/llm prod — registry 404
- @opencode-ai/tui prod — registry 404
- @solid-primitives/event-bus prod — dist-only: no readable source
- @solid-primitives/scheduled prod — dist-only: no readable source
- opencode-gitlab-auth prod — dist-only: no readable source
- opencode-poe-auth prod — dist-only: no readable source
- partial-json prod — dist-only: no readable source
- strip-ansi prod — scan budget exceeded
- tree-sitter-bash prod — scan budget exceeded
- tree-sitter-powershell prod — scan budget exceeded
- turndown prod — scan budget exceeded
- ulid prod — scan budget exceeded
- venice-ai-sdk-provider prod — scan budget exceeded
- vscode-jsonrpc prod — scan budget exceeded
- web-tree-sitter prod — scan budget exceeded
- ws prod — scan budget exceeded
- xdg-basedir prod — scan budget exceeded
- yargs prod — scan budget exceeded
- zod prod — scan budget exceeded
- @octokit/auth-app prod — scan budget exceeded
- hono prod — scan budget exceeded
- jose prod — scan budget exceeded
- @opencode-ai/client prod — scan budget exceeded
- electron-context-menu prod — scan budget exceeded
- electron-log prod — scan budget exceeded
- electron-store prod — scan budget exceeded
- electron-updater prod — scan budget exceeded
- electron-window-state prod — scan budget exceeded
- marked prod — scan budget exceeded
- acorn prod — scan budget exceeded
- @ai-sdk/provider-utils prod — scan budget exceeded
- @effect/sql-sqlite-bun prod — scan budget exceeded
- @npmcli/arborist prod — scan budget exceeded
- @npmcli/config prod — scan budget exceeded
- @opencode-ai/effect-drizzle-sqlite prod — scan budget exceeded
- @opencode-ai/effect-sqlite-node prod — scan budget exceeded
- bun-pty prod — scan budget exceeded
- which prod — scan budget exceeded
- @kobalte/core prod — scan budget exceeded
- @shikijs/transformers prod — scan budget exceeded
- @solid-primitives/bounds prod — scan budget exceeded
- @solid-primitives/event-listener prod — scan budget exceeded
- @solid-primitives/media prod — scan budget exceeded
- @solid-primitives/resize-observer prod — scan budget exceeded
- @shikijs/stream prod — scan budget exceeded
- dompurify prod — scan budget exceeded
- katex prod — scan budget exceeded
- luxon prod — scan budget exceeded
- marked-katex-extension prod — scan budget exceeded
- marked-shiki prod — scan budget exceeded
- morphdom prod — scan budget exceeded
- motion prod — scan budget exceeded
- motion-dom prod — scan budget exceeded
- motion-utils prod — scan budget exceeded
- remend prod — scan budget exceeded
- shiki prod — scan budget exceeded
- solid-list prod — scan budget exceeded
- @slack/bolt prod — scan budget exceeded
- @corvu/drawer prod — scan budget exceeded
- @dnd-kit/abstract prod — scan budget exceeded
- @dnd-kit/dom prod — scan budget exceeded
- @dnd-kit/helpers prod — scan budget exceeded
- @dnd-kit/solid prod — scan budget exceeded
- @pierre/trees prod — scan budget exceeded
- @solid-primitives/active-element prod — scan budget exceeded
- @solid-primitives/audio prod — scan budget exceeded
- @solid-primitives/scroll prod — scan budget exceeded
- @solid-primitives/timer prod — scan budget exceeded
- @solid-primitives/websocket prod — scan budget exceeded
- @tanstack/solid-query prod — scan budget exceeded
- @tanstack/solid-virtual prod — scan budget exceeded
- @thisbeyond/solid-dnd prod — scan budget exceeded
- ghostty-web prod — scan budget exceeded
- solid-presence prod — scan budget exceeded
- aws4fetch prod — scan budget exceeded
- @solidjs/start prod — scan budget exceeded
- @hono/standard-validator prod — scan budget exceeded
- hono-openapi prod — scan budget exceeded
- js-base64 prod — scan budget exceeded
- nitro prod — scan budget exceeded
- clipboardy prod — scan budget exceeded
- @astrojs/cloudflare prod — scan budget exceeded
- @astrojs/markdown-remark prod — scan budget exceeded
- @astrojs/solid-js prod — scan budget exceeded
- @astrojs/starlight prod — scan budget exceeded
- @fontsource/ibm-plex-mono prod — scan budget exceeded
- astro prod — scan budget exceeded
- lang-map prod — scan budget exceeded
- rehype-autolink-headings prod — scan budget exceeded
- toolbeam-docs-theme prod — scan budget exceeded
- @smithy/eventstream-codec prod — scan budget exceeded
- @smithy/util-utf8 prod — scan budget exceeded
- @effect/platform-node-shared prod — scan budget exceeded
- @jsx-email/all prod — scan budget exceeded
- @jsx-email/cli prod — scan budget exceeded
- @opencode-ai/console-core prod — scan budget exceeded
- @opencode-ai/console-resource prod — scan budget exceeded
- @aws-sdk/client-sts prod — scan budget exceeded
- @jsx-email/render prod — scan budget exceeded
- @opencode-ai/console-mail prod — scan budget exceeded
- @planetscale/database prod — scan budget exceeded
- postgres prod — scan budget exceeded
- stripe prod — scan budget exceeded
- @cloudflare/vite-plugin prod — scan budget exceeded
- @ibm/plex prod — scan budget exceeded
- @stripe/stripe-js prod — scan budget exceeded
- @upstash/redis prod — scan budget exceeded
- chart.js prod — scan budget exceeded
- solid-stripe prod — scan budget exceeded
- @aws-sdk/client-firehose prod — scan budget exceeded
- @opencode-ai/stats-core prod — scan budget exceeded
- @aws-sdk/client-athena prod — scan budget exceeded
- d3-geo prod — scan budget exceeded
- d3-scale prod — scan budget exceeded
- i18n-iso-countries prod — scan budget exceeded
- topojson-client prod — scan budget exceeded
- world-atlas prod — scan budget exceeded