Close Open Privacy Scan

bolt Snapshot: commit b230159
science engine v2
schedule 2026-07-01T23:11:34.360746+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 405 finding(s)

Dependency score: 82 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 405 low
First-party packages: 1
Dependency packages: 34
Ecosystem: npm

swap_horiz External domains

a#бa@bтест

</> First-Party Code

first-party (npm)

npm first-party
expand_more 50 low-confidence finding(s)
low env_fs production #32c15037bc3d9adc Environment-variable access.
repo/Makefile.js:89
	MOCHA_TIMEOUT = parseInt(process.env.ESLINT_MOCHA_TIMEOUT, 10) || 10000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d011cbf1d27f8378 Filesystem access.
repo/Makefile.js:339
	fs.writeFileSync(filePath, `${JSON.stringify(data, null, 4)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #019271864af480bc Filesystem access.
repo/Makefile.js:389
	fs.writeFileSync(
		docsPackagePath,
		`${JSON.stringify(docsPackage, null, 4)}\n`,
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67c5215c1514a377 Filesystem access.
repo/Makefile.js:431
		fs.writeFileSync(
			CHANGELOG_FILE,
			`${releaseInfo.markdownChangelog}${cat(CHANGELOG_FILE)}`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa36719d303354e8 Filesystem access.
repo/Makefile.js:440
		fs.writeFileSync(
			VERSIONS_FILE,
			`${JSON.stringify(versions, null, 4)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a8e372087aa133d Environment-variable access.
repo/Makefile.js:602
		if (process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93ee4ef1a2117416 Filesystem access.
repo/Makefile.js:1060
	fs.writeFileSync(PERF_ESLINT_CONFIG, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fe3adabb1112991 Environment-variable access.
repo/docs/.eleventy.js:45
		process.env.BRANCH && /^v\d+\.x$/u.test(process.env.BRANCH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8ba75eb54ee9816 Environment-variable access.
repo/docs/.eleventy.js:47
	if (process.env.CONTEXT === "deploy-preview") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13b46453a7159f40 Environment-variable access.
repo/docs/.eleventy.js:49
	} else if (process.env.BRANCH === "latest") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b06d00d73f05b506 Environment-variable access.
repo/docs/.eleventy.js:51
	} else if (process.env.BRANCH === "next") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0bbc62075949e4d Environment-variable access.
repo/docs/.eleventy.js:54
		pathPrefix = `/docs/${process.env.BRANCH}/`; // `/docs/v8.x/`, `/docs/v9.x/`, `/docs/v10.x/` ...

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b135a3be7f4b15de Environment-variable access.
repo/docs/.eleventy.js:62
	const siteName = process.env.ESLINT_SITE_NAME || "en";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4508bb6a251a1212 Environment-variable access.
repo/docs/.eleventy.js:65
	eleventyConfig.addGlobalData("GIT_BRANCH", process.env.BRANCH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #303a4d3bed176465 Environment-variable access.
repo/docs/.eleventy.js:66
	eleventyConfig.addGlobalData("HEAD", process.env.BRANCH === "main");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4078cc3ec6b74f20 Environment-variable access.
repo/docs/.eleventy.js:67
	eleventyConfig.addGlobalData("NOINDEX", process.env.BRANCH !== "latest");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a899910878835ae Environment-variable access.
repo/docs/.eleventy.js:250
				process.env.CONTEXT && process.env.CONTEXT !== "deploy-preview"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bef5d9227e40933 Environment-variable access.
repo/docs/.eleventy.js:566
		process.env.CONTEXT && // if this is a build on Netlify ...

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30fa94fde6e75702 Environment-variable access.
repo/docs/.eleventy.js:567
		process.env.CONTEXT !== "deploy-preview" && // ... and not for a deploy preview ...

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90ce864353117aee Environment-variable access.
repo/docs/.eleventy.js:568
		process.env.BRANCH !== "latest" // .. and not of the `latest` branch ...

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c1f0d411dfd2749 Environment-variable access.
repo/docs/src/_data/eslintVersions.js:19
	const thisBranch = process.env.BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50e4d5ffde02cb41 Filesystem access.
repo/docs/src/_data/site.js:26
	return yaml.load(fs.readFileSync(siteDataFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e04088ded78c52 Filesystem access.
repo/lib/cli-engine/lint-result-cache.js:129
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca8a22eaa63b33fb Filesystem access.
repo/lib/cli.js:133
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74cfc854fed1228f Filesystem access.
repo/lib/eslint/eslint-helpers.js:1281
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #544307ca0d22351d Environment-variable access.
repo/lib/eslint/eslint-helpers.js:1326
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #244ee456349b751e Environment-variable access.
repo/lib/eslint/eslint-helpers.js:1330
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cfcb7ba3e61c5f8 Filesystem access.
repo/lib/eslint/eslint.js:825
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c485045ffe838948 Environment-variable access.
repo/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f52cc7735b4991dc Environment-variable access.
repo/lib/linter/timing.js:56
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3d384a5b37a25d7 Environment-variable access.
repo/lib/linter/timing.js:60
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74d33edf595790b3 Environment-variable access.
repo/lib/linter/timing.js:64
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0f0c4cf44a18922 Filesystem access.
repo/lib/rule-tester/rule-tester.js:697
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed755075438090e9 Filesystem access.
repo/lib/services/suppressions-service.js:217
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b71c46001cae2523 Filesystem access.
repo/lib/services/suppressions-service.js:240
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46c5bbb2b8f485f5 Filesystem access.
repo/tools/check-emfile-handling.js:74
		fs.writeFileSync(`${OUTPUT_DIRECTORY}/${fileName}`, fileContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33c5f23fd782ee11 Filesystem access.
repo/tools/check-emfile-handling.js:87
			return readFile(`${OUTPUT_DIRECTORY}/${fileName}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db3a333d6b0e9ed2 Filesystem access.
repo/tools/fetch-docs-links.js:81
	const links = JSON.parse(await fs.readFile(DATA_FILE_PATH, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82b67f1e8eadc786 Filesystem access.
repo/tools/fetch-docs-links.js:85
		const text = await fs.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38bf380ab01ea63c Filesystem access.
repo/tools/fetch-docs-links.js:106
	await fs.writeFile(DATA_FILE_PATH, JSON.stringify(links, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a8189917b813c71 Filesystem access.
repo/tools/generate-formatter-examples.js:106
		await fs.readFile(TEMPLATE_FILENAME, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e1a25a6c7b5ba9f Filesystem access.
repo/tools/generate-formatter-examples.js:111
		fs.writeFile(INDEX_FILENAME, indexFileContent),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #695f5aa9931d38c9 Filesystem access.
repo/tools/generate-formatter-examples.js:112
		fs.writeFile(HTML_FORMATTER_FILENAME, formatterResults.html.result),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #632fd16568050b98 Filesystem access.
repo/tools/test-ecosystem/update.mjs:82
await fs.writeFile(
	pluginDataFilePath,
	await prettier.format(
		JSON.stringify({
			...pluginsData,
			...pluginsUpdated,
		}),
		{
			...(await prettier.resolveConfig(pluginDataFilePath.toString())),
			filepath: pluginDataFilePath.toString(),
		},
	),
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8461aa581ba3a565 Filesystem access.
repo/tools/update-eslint-all.js:46
fs.writeFileSync("./packages/js/src/configs/eslint-all.js", code, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c112f8c752019438 Filesystem access.
repo/tools/update-eslint-recommended.js:51
fs.writeFileSync(
	"./packages/js/src/configs/eslint-recommended.js",
	code,
	"utf8",
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34a7f10742490afc Filesystem access.
repo/tools/update-readme.js:31
const readme = fs.readFileSync(README_FILE_PATH, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #867d5a8e270b9f70 Filesystem access.
repo/tools/update-readme.js:141
	fs.writeFileSync(README_FILE_PATH, newReadme, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fac380ead87759b Filesystem access.
repo/tools/update-rule-type-headers.js:278
	const sourceText = await readFile(ruleTypeFile, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4daa2be1561a4fd8 Filesystem access.
repo/tools/update-rule-type-headers.js:310
		await writeFile(ruleTypeFile, newSourceText);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@babel/core

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #169c59f5b077167b Filesystem access.
pkgs/npm/@[email protected]/lib/config/files/index.js:20
    return fn(filepath, yield* readFile(filepath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eacca8616fd1a7c Environment-variable access.
pkgs/npm/@[email protected]/lib/config/files/index.js:326
  const targetPath = process.env.BABEL_SHOW_CONFIG_FOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eb456288ec81cc7 Environment-variable access.
pkgs/npm/@[email protected]/lib/index-shared.js:315
  return process.env.BABEL_ENV || process.env.NODE_ENV || defaultValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba49101095d44bb6 Environment-variable access.
pkgs/npm/@[email protected]/lib/index-shared.js:1761
  if (typeof process !== "undefined" && process.env.BABEL_7_TO_8_DANGEROUSLY_DISABLE_VERSION_CHECK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe13b24baa332076 Filesystem access.
pkgs/npm/@[email protected]/lib/transform-file.js:12
  const code = yield* readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5f7cee2178cab80 Filesystem access.
pkgs/npm/@[email protected]/lib/transformation/read-input-source-map-file.js:65
    const inputMapContent = fs.readFileSync(inputMapPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@eslint/eslintrc

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #0fa12d43252fa741 Filesystem access.
pkgs/npm/@[email protected]/lib/config-array-factory.js:154
    return fs.readFileSync(filePath, "utf8").replace(/^\ufeff/u, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@humanfs/node

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #9f2161cd46c21ed3 Filesystem access.
pkgs/npm/@[email protected]/src/node-hfs.js:118
			.retry(() => this.#fsp.readFile(filePath))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5974a4e85b98c39 Filesystem access.
pkgs/npm/@[email protected]/src/node-hfs.js:143
			.retry(() => this.#fsp.writeFile(filePath, value))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be706b9182763f38 Filesystem access.
pkgs/npm/@[email protected]/src/node-hfs.js:155
						.then(() => this.#fsp.writeFile(filePath, value));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

babel-loader

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f5dc5f82996b502c Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:63
  const data = await readFile(filename + (compress ? ".gz" : ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d083dc5fe9e1e393 Filesystem access.
pkgs/npm/[email protected]/lib/cache.js:78
  return await writeFile(filename + (compress ? ".gz" : ""), data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

c8

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #76f256821ef0f18c Environment-variable access.
pkgs/npm/[email protected]/bin/c8.js:27
    process.env.NODE_V8_COVERAGE = argv.tempDirectory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ce3225787abb6e0 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:40
    monocartArgv: (argv.experimentalMonocart || process.env.EXPERIMENTAL_MONOCART) ? argv : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ceea8f2ade9f23f Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9288a328510f661 Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:18
        const config = JSON.parse(readFileSync(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffeb1408bd56776a Environment-variable access.
pkgs/npm/[email protected]/lib/parse-args.js:129
      default: process.env.NODE_V8_COVERAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9958548a0efef637 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:9
  ;({ readFile } = require('fs').promises)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #741402cb792724e9 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b18a68db865578dc Filesystem access.
pkgs/npm/[email protected]/lib/report.js:452
        reports.push(JSON.parse(readFileSync(
          resolve(this.tempDirectory, file),
          'utf8'
        )))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c984ac7864b74f1 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4f5ad10276fd2fa Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:40
  const fileBody = readFileSync(filename).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5019f4d7e72dfa23 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:71
    const content = readFileSync(fileURLToPath(mapURL), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

common-tags

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #7bd5ca1d7aa54cf5 Filesystem access.
pkgs/npm/[email protected]/es/utils/readFromFixture/readFromFixture.js:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3832acbb34c7cc16 Filesystem access.
pkgs/npm/[email protected]/lib/utils/readFromFixture/readFromFixture.js:8
var _fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

core-js

npm dependency
expand_more 6 low-confidence finding(s)
low egress dependency Excluded from app score #9f40f6fd3d916ab7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/internals/url-constructor-detection.js:32
    || new URL('https://a@b').username !== 'a'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8184c69d681919d2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/internals/url-constructor-detection.js:35
    || new URL('https://тест').host !== 'xn--e1aybc'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #78f9b9f2a2915caf Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/internals/url-constructor-detection.js:37
    || new URL('https://a#б').hash !== '#%D0%B1'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c1e30e8e4b3f03b5 Filesystem access.
pkgs/npm/[email protected]/postinstall.js:4
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #575b1ed09288f008 Filesystem access.
pkgs/npm/[email protected]/postinstall.js:44
      banners = JSON.parse(fs.readFileSync(file));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55769fd052d07dc5 Filesystem access.
pkgs/npm/[email protected]/postinstall.js:52
    fs.writeFileSync(file, JSON.stringify(banners), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cross-spawn

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #51d8b8f54f23a97a Environment-variable access.
pkgs/npm/[email protected]/lib/parse.js:58
        parsed.command = process.env.comspec || 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdf5dcd813f8f50b Filesystem access.
pkgs/npm/[email protected]/lib/util/readShebang.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

debug

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #1315387cf68c59ef Environment-variable access.
pkgs/npm/[email protected]/src/browser.js:230
		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f473b362e6d1a87 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:136
	let val = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2044813eaa2ff8a Environment-variable access.
pkgs/npm/[email protected]/src/node.js:205
		process.env.DEBUG = namespaces;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cabb23d102a900e7 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:209
		delete process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3603136e78d4a71d Environment-variable access.
pkgs/npm/[email protected]/src/node.js:221
	return process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ejs

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #70a435b3a2fdbc03 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:26
let fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d188e1c1b97ac70 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:28
let usage = fs.readFileSync(`${__dirname}/../usage.txt`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e69b9095b2dc6787 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:193
    input = fs.readFileSync(pOpts.dataFile).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c9bebf8d4e10c1 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:206
  let template = fs.readFileSync(opts.filename).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7387eb158e9c5e0 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:209
    fs.writeFileSync(pOpts.outputFile, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49bac381f9ed0019 Filesystem access.
pkgs/npm/[email protected]/ejs.js:24
var fs_1 = __importDefault(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #456b116d3b57a538 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:1
let fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ccc51b1bc79dbb Filesystem access.
pkgs/npm/[email protected]/jakefile.js:34
  let source = fs.readFileSync('lib/cjs/ejs.js', 'utf8').toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a5e24cc24e4276e Filesystem access.
pkgs/npm/[email protected]/jakefile.js:51
  fs.writeFileSync('lib/cjs/ejs.js', source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2191a1b1f158e2f Filesystem access.
pkgs/npm/[email protected]/jakefile.js:52
  let utilsSource = fs.readFileSync('lib/cjs/utils.js', 'utf8').toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64d79f4e2f4bc39e Filesystem access.
pkgs/npm/[email protected]/jakefile.js:55
  fs.writeFileSync('lib/cjs/utils.js', utilsSource);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c634f4d515b172f Filesystem access.
pkgs/npm/[email protected]/jakefile.js:56
  let parseargsSource = fs.readFileSync('lib/cjs/parseargs.js', 'utf8').toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad4250fb506282c0 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:59
  fs.writeFileSync('lib/cjs/parseargs.js', parseargsSource);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #553936fb52a59f00 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:60
  fs.writeFileSync('lib/cjs/package.json', '{"type":"commonjs"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eeba6d48c95f17f Filesystem access.
pkgs/npm/[email protected]/jakefile.js:113
  fs.writeFileSync('out/CNAME', 'api.ejs.co');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f57fc08fc5784ea Filesystem access.
pkgs/npm/[email protected]/jakefile.js:144
      fs.writeFileSync(path.join(fixtureDir, 'package.json'), JSON.stringify({
        private: true,
        type: 'module'
      }, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e631a60bdd56005 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:152
      fs.writeFileSync(path.join(fixtureDir, 'cjs-smoke.cjs'), [
        'const assert = require("assert");',
        'const ejs = require("ejs");',
        'assert.equal(typeof ejs.render, "function");',
        'assert.equal(ejs.render("<%= name %>", {name: "<>&"}), "&lt;&gt;&amp;");',
        ''
      ].join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95d54fe0682f20d6 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:162
      fs.writeFileSync(path.join(fixtureDir, 'esm-smoke.mjs'), [
        'import assert from "node:assert/strict";',
        'import ejs from "ejs";',
        'assert.equal(typeof ejs.render, "function");',
        'assert.equal(ejs.render("<%= name %>", {name: "<>&"}), "&lt;&gt;&amp;");',
        ''
      ].join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05b0d7e676835707 Filesystem access.
pkgs/npm/[email protected]/jakefile.js:172
      fs.writeFileSync(path.join(fixtureDir, 'template.ejs'), 'Hello <%= name %>');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d7bc95ec0a4c1b2 Filesystem access.
pkgs/npm/[email protected]/lib/cjs/ejs.js:23
var fs_1 = __importDefault(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #9d0bf4c39ef436d4 Filesystem access.
pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129
			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c35bb4806c8585af Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:133
			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fda2c33508295385 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281
		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7caadbe6cbbedbb0 Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326
	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d39ed2a3a93152f Environment-variable access.
pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330
	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36fbf2ad81703c69 Filesystem access.
pkgs/npm/[email protected]/lib/eslint/eslint.js:825
					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #144c3dde69d08865 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:44
const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2f8a8dadb526891 Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:56
	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb033f07ef31b1a Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:60
	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c478e5195c3af8e Environment-variable access.
pkgs/npm/[email protected]/lib/linter/timing.js:64
	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f803ca65f92c242 Filesystem access.
pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697
				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69e51df369ebae38 Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:217
			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a99ef9e18a63677e Filesystem access.
pkgs/npm/[email protected]/lib/services/suppressions-service.js:240
		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-expect-type

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #a5e3cd3eaeb7a189 Filesystem access.
pkgs/npm/[email protected]/lib/utils/programs.js:41
    return ts.sys.readFile(...args);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51f398b9d4eacb78 Filesystem access.
pkgs/npm/[email protected]/lib/utils/programs.js:47
    readFile: (file) => import_node_fs.default.readFileSync(file, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a922bb7e01823a1 Filesystem access.
pkgs/npm/[email protected]/lib/utils/programs.mjs:9
    return ts.sys.readFile(...args);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10362dbd91127eca Filesystem access.
pkgs/npm/[email protected]/lib/utils/programs.mjs:15
    readFile: (file) => fs.readFileSync(file, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jsdoc

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #eec1ecfddbc04d62 Filesystem access.
pkgs/npm/[email protected]/src/getJsdocProcessorPlugin.js:35
  readFileSync(join(import.meta.dirname, '../package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #503ae24f099cca98 Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:26
      readFileSync(join(process.cwd(), './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42cdf5006ef4754b Filesystem access.
pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:101
              readFileSync(join(process.cwd(), 'node_modules', mod, './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-n

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #274cf57e1263e329 Filesystem access.
pkgs/npm/[email protected]/lib/util/get-npmignore.js:145
    ig.add(fs.readFileSync(filePath, "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a9278d56052ac92 Filesystem access.
pkgs/npm/[email protected]/lib/util/get-package-json.js:21
        const text = fs.readFileSync(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-unicorn

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #5e6ec0f42826263e Filesystem access.
pkgs/npm/[email protected]/rules/shared/package-json.js:33
			packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-release

npm dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #92b48d1d0a6e9142 Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:14
const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f90ce7753f85f65d Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:70
    return JSON.parse(fs.readFileSync(filePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf66bed5d0d43037 Environment-variable access.
pkgs/npm/[email protected]/lib/release-ops.js:106
    if (!process.env.NPM_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfd6b064d7e1cf3b Environment-variable access.
pkgs/npm/[email protected]/lib/release-ops.js:111
    if (!process.env.ESLINT_GITHUB_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c2caaba31acd5d Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:355
    fs.writeFileSync(
        "CHANGELOG.tmp",
        releaseInfo.markdownChangelog
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f473852f00655247 Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:362
        fs.writeFileSync("CHANGELOG.md", "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05ed448b42ca468c Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:365
    const data = `${fs.readFileSync("CHANGELOG.tmp", "utf-8")}${fs.readFileSync("CHANGELOG.md", "utf-8")}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #babbc6d17acc68d6 Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:367
    fs.writeFileSync("CHANGELOG.md.tmp", data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #927f39f9000ea2b6 Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:412
    fs.writeFileSync(".eslint-release-info.json", JSON.stringify(releaseInfo, null, 4));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a2f7accacb8dea Environment-variable access.
pkgs/npm/[email protected]/lib/release-ops.js:448
        gh = new GitHub({ token: process.env.ESLINT_GITHUB_TOKEN }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c06bafa4a83376e Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:475
    const releaseInfo = JSON.parse(fs.readFileSync(".eslint-release-info.json", "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e014f8c98998dd Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:480
        oldNpmrcContents = fs.readFileSync(".npmrc", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69b47ba890f9c5cb Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:487
    fs.writeFileSync(".npmrc", "//registry.npmjs.org/:_authToken=${NPM_TOKEN}");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f795accbcea04ce5 Environment-variable access.
pkgs/npm/[email protected]/lib/release-ops.js:494
    if (process.env.NPM_OTP && /^\d+$/.test(process.env.NPM_OTP)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3453b713bb1415 Environment-variable access.
pkgs/npm/[email protected]/lib/release-ops.js:495
        command += ` --otp=${process.env.NPM_OTP}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79340918ba10306b Filesystem access.
pkgs/npm/[email protected]/lib/release-ops.js:503
        fs.writeFileSync(".npmrc", oldNpmrcContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslump

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #b67f6381d2191cfd Filesystem access.
pkgs/npm/[email protected]/src/cli-program.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45b3266569e28c6c Filesystem access.
pkgs/npm/[email protected]/src/cli-program.js:171
      reproductionCode = fs.readFileSync(codePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17f71109531e6035 Filesystem access.
pkgs/npm/[email protected]/src/cli-program.js:183
      reproductionDataString = fs.readFileSync(dataPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eef13fc735903e31 Filesystem access.
pkgs/npm/[email protected]/src/cli-program.js:293
      fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f82da463913fba76 Environment-variable access.
pkgs/npm/[email protected]/src/cli-program.js:336
    process.env.NODE_ENV === "test"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

esprima

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #cde0e635ccf5568f Filesystem access.
pkgs/npm/[email protected]/bin/esparse.js:31
    fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8708750528f355b4 Filesystem access.
pkgs/npm/[email protected]/bin/esparse.js:125
        run(fs.readFileSync(fname, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e66d3420fa235fec Filesystem access.
pkgs/npm/[email protected]/bin/esvalidate.js:34
        fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e1a0946bcb2e45 Filesystem access.
pkgs/npm/[email protected]/bin/esvalidate.js:38
        fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2d2848a1d62c887 Filesystem access.
pkgs/npm/[email protected]/bin/esvalidate.js:206
            content = fs.readFileSync(fname, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-teardown

npm dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #b869f37950c1ffa3 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:7
var require$$0$2 = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f73a5732261762ed Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:180
var platform = process.env.GRACEFUL_FS_PLATFORM || process.platform;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a77c4fc4298bac0 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:689
else if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8742434df190914 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:738
  if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || '')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0141f1564c6c52fa Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:751
if (process.env.TEST_GRACEFUL_FS_GLOBAL_PATCH && !fs$h.__patched) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #528d9e0ea96de397 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2154
    fs$7.writeFile(file, '', err => {
      if (err) return callback(err)
      callback();
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e7abab97c4a5b6f Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2207
  fs$7.writeFileSync(file, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d4b70c5b95534df Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2598
    let content = fs.readFileSync(file, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a8f9c78944938eb Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2626
  return fs.writeFileSync(file, str, options)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5fe6a8c7b909d3b Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2663
    if (itDoes) return fs$2.writeFile(file, data, encoding, callback)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e78ef340f24f94 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2668
      fs$2.writeFile(file, data, encoding, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c16ff7176a90e51c Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2676
    return fs$2.writeFileSync(file, ...args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4551c125654b3528 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2679
  fs$2.writeFileSync(file, ...args);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #129d6f8e9105d7bd Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3046
                    return [4 /*yield*/, lib$1.writeFile(absoluteFilePath, content)];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051f696acb9eb705 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3133
                            return [4 /*yield*/, lib$1.readFile(absolutePath)];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b2fae6e8ffef76 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3150
                            lib$1.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba55bdb561e70f97 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:3151
                            return [4 /*yield*/, lib$1.writeFile(absolutePath, content)];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gray-matter

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #20fdc2d0623376ab Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37f1a434fdc89e8f Filesystem access.
pkgs/npm/[email protected]/index.js:179
  const str = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jiti

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #8905bed0d2d7cadc Environment-variable access.
pkgs/npm/[email protected]/lib/jiti-cli.mjs:15
if (nodeModule.enableCompileCache && !process.env.NODE_DISABLE_COMPILE_CACHE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a0148d0644dc1d4 Filesystem access.
pkgs/npm/[email protected]/lib/jiti-hooks.mjs:45
  const rawSource = await readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ed940d6a5ac742d Filesystem access.
pkgs/npm/[email protected]/lib/jiti-hooks.mjs:121
    return JSON.parse(await readFile(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lint-staged

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #fa237ededea566bb Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:205
  const packageJsonFile = await readFile(path.join(dirname, '../package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1d076b1ee8b10c0 Filesystem access.
pkgs/npm/[email protected]/lib/file.js:16
    return await fs.readFile(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b76bfb1f15d2122e Filesystem access.
pkgs/npm/[email protected]/lib/file.js:52
  await fs.writeFile(filename, buffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba6022d61f7a05c4 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:145
      readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00f2f730dd90a37f Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:146
      readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84bb719b06674d5 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:147
      readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #defeeaeef0b64ec0 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:159
        this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95b2a28964f6f017 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:160
        this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf73b540a60463c3 Filesystem access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:161
        this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fc6d384b36ee082 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:311
    const activeIndexFile = process.env.GIT_INDEX_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f3ea651cbb1a800 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:312
      ? normalizePath(process.env.GIT_INDEX_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37111d346e447cd0 Environment-variable access.
pkgs/npm/[email protected]/lib/gitWorkflow.js:313
      : process.env.GIT_INDEX_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c24b03d95ea6bd90 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:150
  debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #457cbd3483770da3 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:151
  delete process.env.GIT_LITERAL_PATHSPECS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5e7397ff1cf38d2 Filesystem access.
pkgs/npm/[email protected]/lib/loadConfig.js:14
const readFile = async (filename) => fs.readFile(path.resolve(filename), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51c3893007748910 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:42
    debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #953c7faf4bf4a014 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:43
    delete process.env.GIT_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8043ce272331d7e9 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:44
    debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26b7cd542f4b2fd5 Environment-variable access.
pkgs/npm/[email protected]/lib/resolveGitRepo.js:45
    delete process.env.GIT_WORK_TREE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233c63f5a1835306 Filesystem access.
pkgs/npm/[email protected]/lib/version.js:4
  const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdown-it

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #167cdea78a4e227f Filesystem access.
pkgs/npm/[email protected]/bin/markdown-it.mjs:15
  version: JSON.parse(fs.readFileSync(new URL('../package.json', import.meta.url))).version

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa0fd1c2a7186956 Filesystem access.
pkgs/npm/[email protected]/bin/markdown-it.mjs:62
    fs.readFile(filename, encoding, callback)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dafc36fdef5da82 Filesystem access.
pkgs/npm/[email protected]/bin/markdown-it.mjs:105
    fs.writeFileSync(options.output, output)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdownlint-cli2

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #0cb7654baafcc4ec Filesystem access.
pkgs/npm/[email protected]/markdownlint-cli2.mjs:39
const readJsonc = (/** @type {string} */ file, /** @type {FsLike} */ fs) => fs.promises.readFile(file, utf8).then(jsoncParse);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f25d9b7df0861ce Filesystem access.
pkgs/npm/[email protected]/markdownlint-cli2.mjs:42
const readToml = (/** @type {string} */ file, /** @type {FsLike} */ fs) => fs.promises.readFile(file, utf8).then(tomlParse);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa6e4fe13e5ab00 Filesystem access.
pkgs/npm/[email protected]/markdownlint-cli2.mjs:45
const readYaml = (/** @type {string} */ file, /** @type {FsLike} */ fs) => fs.promises.readFile(file, utf8).then(yamlParse);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b3f2dd75097284b Filesystem access.
pkgs/npm/[email protected]/markdownlint-cli2.mjs:802
            subTasks.push(fs.promises.readFile(fileName, utf8).

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf9aa2f098807537 Filesystem access.
pkgs/npm/[email protected]/markdownlint-cli2.mjs:805
                return fs.promises.writeFile(fileName, fixed, utf8);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #90affb510cd265e4 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:39
    require("js-yaml").load(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f28eaf6eb854937 Filesystem access.
pkgs/npm/[email protected]/lib/cli/config.js:55
      require("strip-json-comments")(fs.readFileSync(filepath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b168cbebf79ac046 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:27
  const css = fs.readFileSync(path.join(srcdir, "mocha.css"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed3146712b6155df Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:28
  const js = fs.readFileSync(path.join(srcdir, "mocha.js"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26ad6f5baca62800 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:29
  const tmpl = fs.readFileSync(
    path.join(srcdir, "lib", "browser", "template.html"),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5b3648f35993a48 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:32
  fs.writeFileSync(path.join(destdir, "mocha.css"), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a3942dbef3962f5 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:33
  fs.writeFileSync(path.join(destdir, "mocha.js"), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8388658d0f0b7263 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:34
  fs.writeFileSync(path.join(destdir, "tests.spec.js"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab2893635dfd30f9 Filesystem access.
pkgs/npm/[email protected]/lib/cli/init.js:35
  fs.writeFileSync(path.join(destdir, "index.html"), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1208cfa6120f7e72 Filesystem access.
pkgs/npm/[email protected]/lib/cli/options.js:240
      configData = fs.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd65f13cd6a3fd09 Environment-variable access.
pkgs/npm/[email protected]/lib/cli/options.js:302
  const envConfig = parse(process.env.MOCHA_OPTIONS || "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78d2b36b61175dae Environment-variable access.
pkgs/npm/[email protected]/lib/reporters/base.js:58
  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2411f720a795f93f Filesystem access.
pkgs/npm/[email protected]/lib/reporters/json.js:90
        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

npm-license

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #77b89eff978b1135 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:11
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency
expand_more 57 low-confidence finding(s)
low env_fs dependency Excluded from app score #263c0e859e48cd3d Environment-variable access.
pkgs/npm/[email protected]/bin/prettier.cjs:66
if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98d5ba677c2ed23c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:10
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65d5bb486da338af Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:15
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e773554787f5e57 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:371
  return dist_default.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b70cd5192df6e52a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:516
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #875fff3454ed90c9 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:526
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66bd13d8bb7dce1d Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:878
    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2fcc8cca33eb931 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1878
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64d8418a2b16ce2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1955
          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d098ebed7c6401ee Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1961
          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce056b63fa9cf591 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:54
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a717de762e0972f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:96
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9a85aa296f4d711 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:107
      const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ea33b86a5122d64 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:116
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e81ac667cebe95 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:612
import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a28abda933d22a2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:627
              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84fa117b5f43dcd2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:633
              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f0c6ad5745d781a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2515
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6487e037e5fb07c1 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2525
    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c0b294815b12927 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:2743
import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b41feeff39de31e Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:3607
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #388b16f09f00a661 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:4855
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #427472686ad822fc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5794
import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06bb76e84cb5b90f Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5820
          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c997ae85d5e4850 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5835
          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd0e1f1cd1e93785 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:5850
          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf577c95f9fbf8dc Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6238
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e88af82852c33085 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6252
        return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbb7f3e27aad67d2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6582
import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f876b813bac80c02 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:6594
      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fb435609387ed2a Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10466
import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #373003a169a72520 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10488
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0be5a0b2efb20d97 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10493
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac96f3423559cd94 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10499
        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36322814effca47c Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10515
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa39b5fb94bd36f2 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:10521
        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e7286e03d49caa Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11366
import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #740409190bf92ffb Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11559
import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6665392e6b90a20 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:11567
  return dist_default36.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffe5cb566d0ea936 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12330
import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d49da1001cd637d Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12395
  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf034bceca57ba66 Filesystem access.
pkgs/npm/[email protected]/internal/experimental-cli.mjs:12400
  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b17ea84ff0de3a53 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1233
import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d37bbc39c44b56 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1554
import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #534653fbae77e4a2 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1778
import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b1f98c0da9195f2 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1786
import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c2984d866708ce9 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1794
import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10cfb7324fbc0c56 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1888
    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a26a35027096a12d Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1906
import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c95ff9f7f17a0c6e Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1910
import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7ae27784e2ed48 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:1914
import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8d63f4e04654277 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4302
      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dff17f41c0c69350 Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4506
        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b0eb6b44777893e Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:4894
        const buffer = fs6.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2f0612817b658ee Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5188
import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aac77cd9b728ee2e Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5449
  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #583bb5abe45a019c Filesystem access.
pkgs/npm/[email protected]/internal/legacy-cli.mjs:5805
      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

proxyquire

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #c0300b6ea17e15b8 Filesystem access.
pkgs/npm/[email protected]/examples/async/foo.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6153d6c67a405077 Filesystem access.
pkgs/npm/[email protected]/examples/example-utils.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f3623c3445f4603f Filesystem access.
pkgs/npm/[email protected]/examples/example-utils.js:8
    fs.readFileSync(module).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8e22f9f477d92bae Filesystem access.
pkgs/npm/[email protected]/examples/example-utils.js:15
    fs.readFileSync(tests).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ae7668c669108300 Filesystem access.
pkgs/npm/[email protected]/examples/sinon/foo-tests.js:12
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f3ad5eb809e8ef77 Filesystem access.
pkgs/npm/[email protected]/examples/sinon/foo.js:1
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b7d64836c345bbd8 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:6
  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca5828276aa4950f Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:7
  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

shelljs

npm dependency
expand_more 49 low-confidence finding(s)
low env_fs dependency Excluded from app score #3badc9a7afe5f2b0 Filesystem access.
pkgs/npm/[email protected]/src/cat.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a9894e320b3c4a Filesystem access.
pkgs/npm/[email protected]/src/cat.js:44
    cat += fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48a18f2c21fe5274 Environment-variable access.
pkgs/npm/[email protected]/src/cd.js:16
    if (!process.env.OLDPWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f3197decd0cc1f9 Environment-variable access.
pkgs/npm/[email protected]/src/cd.js:19
      dir = process.env.OLDPWD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18264f2776999c14 Environment-variable access.
pkgs/npm/[email protected]/src/cd.js:26
    process.env.OLDPWD = curDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0355cce89578ca09 Filesystem access.
pkgs/npm/[email protected]/src/chmod.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3f1694ff68d4f09 Filesystem access.
pkgs/npm/[email protected]/src/common.js:8
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb12e0b5fac0d63 Environment-variable access.
pkgs/npm/[email protected]/src/common.js:57
delete process.env.OLDPWD; // initially, there's no previous directory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b09ba2cbfb272c2b Filesystem access.
pkgs/npm/[email protected]/src/cp.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98bd13d4feb89c9e Filesystem access.
pkgs/npm/[email protected]/src/exec-child.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33b6b4f60f51f1ce Filesystem access.
pkgs/npm/[email protected]/src/exec-child.js:7
  var serializedParams = fs.readFileSync(paramFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0216ac2ab9dd40bc Filesystem access.
pkgs/npm/[email protected]/src/exec.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdff7d3bb2d17078 Filesystem access.
pkgs/npm/[email protected]/src/exec.js:71
    fs.writeFileSync(filePath, data, {
      encoding: 'utf8',
      mode: parseInt('600', 8),
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dcddf5178edf250 Filesystem access.
pkgs/npm/[email protected]/src/exec.js:113
    stdout = fs.readFileSync(stdoutFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7dfd6d527ffc61b Filesystem access.
pkgs/npm/[email protected]/src/exec.js:114
    stderr = fs.readFileSync(stderrFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfa2e87ecff9e258 Filesystem access.
pkgs/npm/[email protected]/src/exec.js:116
    stdout = fs.readFileSync(stdoutFile, opts.encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d0c76950660493 Filesystem access.
pkgs/npm/[email protected]/src/exec.js:117
    stderr = fs.readFileSync(stderrFile, opts.encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6c61320548baf9f Filesystem access.
pkgs/npm/[email protected]/src/grep.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4c97d934d070002 Filesystem access.
pkgs/npm/[email protected]/src/grep.js:101
    var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4c5c1ba8d050acf Filesystem access.
pkgs/npm/[email protected]/src/head.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de5646f5184c7aba Filesystem access.
pkgs/npm/[email protected]/src/head.js:87
      contents = fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #695b81418b9338b5 Filesystem access.
pkgs/npm/[email protected]/src/ln.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63ed128f5eba77dd Filesystem access.
pkgs/npm/[email protected]/src/ls.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #552b14e1eb56b5b7 Filesystem access.
pkgs/npm/[email protected]/src/mkdir.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1519921b95a61c29 Filesystem access.
pkgs/npm/[email protected]/src/mv.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05c6d8d8f4360155 Filesystem access.
pkgs/npm/[email protected]/src/rm.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6e76c22958d31a Filesystem access.
pkgs/npm/[email protected]/src/sed.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f197ce947d768765 Filesystem access.
pkgs/npm/[email protected]/src/sed.js:76
    var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #920fe6606209db7b Filesystem access.
pkgs/npm/[email protected]/src/sed.js:85
      fs.writeFileSync(file, result, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a333fe9345e01205 Filesystem access.
pkgs/npm/[email protected]/src/sort.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3735c7250c1ec18c Filesystem access.
pkgs/npm/[email protected]/src/sort.js:85
    var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab953569df632cf5 Filesystem access.
pkgs/npm/[email protected]/src/tail.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c9bf41072957b39 Filesystem access.
pkgs/npm/[email protected]/src/tail.js:70
    var contents = file === '-' ? pipe : fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f05c3fe525541e3d Filesystem access.
pkgs/npm/[email protected]/src/tempdir.js:2
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32eb6a0ad18c9e1b Filesystem access.
pkgs/npm/[email protected]/src/tempdir.js:18
    fs.writeFileSync(testFile, ' ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bccf570bbffc775d Environment-variable access.
pkgs/npm/[email protected]/src/tempdir.js:45
                  writeableDir(process.env.TMPDIR) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f96f016c0f1c3e0 Environment-variable access.
pkgs/npm/[email protected]/src/tempdir.js:46
                  writeableDir(process.env.TEMP) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bea26e46ce1c0d48 Environment-variable access.
pkgs/npm/[email protected]/src/tempdir.js:47
                  writeableDir(process.env.TMP) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd44659ef2942692 Environment-variable access.
pkgs/npm/[email protected]/src/tempdir.js:48
                  writeableDir(process.env.Wimp$ScrapDir) || // RiscOS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #924ebf7644d24514 Filesystem access.
pkgs/npm/[email protected]/src/test.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b347a12d7e07f29 Filesystem access.
pkgs/npm/[email protected]/src/to.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf2034dc5750b18d Filesystem access.
pkgs/npm/[email protected]/src/to.js:31
    fs.writeFileSync(file, this.stdout || this.toString(), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a53dc61f823f1fce Filesystem access.
pkgs/npm/[email protected]/src/toEnd.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b8045782ccae45b Filesystem access.
pkgs/npm/[email protected]/src/touch.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c64e2f1a7d2801a7 Filesystem access.
pkgs/npm/[email protected]/src/uniq.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9970961da1dc857d Filesystem access.
pkgs/npm/[email protected]/src/uniq.js:58
  var lines = (input ? fs.readFileSync(input, 'utf8') : pipe)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d1c6c82f380a0b9 Filesystem access.
pkgs/npm/[email protected]/src/which.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #988d232ca9c35b42 Environment-variable access.
pkgs/npm/[email protected]/src/which.js:62
  var pathArray = splitPath(process.env.PATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #652b859019bb6b2b Environment-variable access.
pkgs/npm/[email protected]/src/which.js:74
      var pathExtEnv = process.env.PATHEXT || XP_DEFAULT_PATHEXT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #1164e28582acd5d8 Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c526c96e6ac6da17 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c333d3bcdddeea30 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbadd35f784b689e Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8b4cb04120dbe8 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bdcb8825afd87d4 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93b423e42b4dfa7 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44a6f4b1c47b4f76 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cf7f7611ce0a39f Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58aee1c672c40ff5 Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

webpack

npm dependency
expand_more 29 low-confidence finding(s)
low env_fs dependency Excluded from app score #ce8b8e5c83f26b6c Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:901
							(this.outputFileSystem).writeFile(targetPath, content, (err) => {
								if (err) return callback(err);

								// information marker that the asset has been emitted
								compilation.emittedAssets.add(file);

								// cache the information that the Source has been written to that location
								const newGeneration =
									targetFileGeneration === undefined
										? 1
										: targetFileGeneration + 1;
								/** @type {CacheEntry} */
								(cacheEntry).writtenTo.set(targetPath, newGeneration);
								this._assetEmittingWrittenFiles.set(targetPath, newGeneration);
								this.hooks.assetEmitted.callAsync(
									file,
									{
										content,
										source,
										outputPath,
										compilation,
										targetPath
									},
									callback
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6d1f5cc56f9d7b Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:996
								return /** @type {OutputFileSystem} */ (
									this.outputFileSystem
								).readFile(targetPath, (err, existingContent) => {
									if (
										err ||
										!content.equals(/** @type {Buffer} */ (existingContent))
									) {
										return doWrite(content);
									}
									return alreadyWritten();
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb8eae9276dfec0e Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1141
			(this.outputFileSystem).writeFile(
				/** @type {string} */ (this.recordsOutputPath),
				JSON.stringify(
					this.records,
					(n, value) => {
						if (
							typeof value === "object" &&
							value !== null &&
							!Array.isArray(value)
						) {
							const keys = Object.keys(value);
							if (!isSorted(keys)) {
								return sortObject(value, keys);
							}
						}
						return value;
					},
					2
				),
				callback
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d1171850a9b8324 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1227
			(this.inputFileSystem).readFile(
				/** @type {string} */
				(this.recordsInputPath),
				(err, content) => {
					if (err) return callback(err);

					try {
						this.records =
							/** @type {Records} */
							(parseJson(/** @type {Buffer} */ (content).toString("utf8")));
					} catch (parseErr) {
						return callback(
							new Error(
								`Cannot parse records: ${
									/** @type {Error} */ (parseErr).message
								}`
							)
						);
					}

					return callback(null);
				}
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3140bd7cd49f963c Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:447
					process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1f7e2ca24a635b9 Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:448
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a214ed241abb6d2 Filesystem access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:465
			fs.readFile(file, (err, content) => {
				if (err) reject(err);
				else resolve(/** @type {Buffer} */ (content).toString() || "");
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8338623e0aaed51d Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:50
					process.env[key] !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ef056371c712f91 Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:51
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c0dd027c422924 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2209
								this.fs.readFile(path, (err, content) => {
									if (err) return callback(err);
									try {
										const context = dirname(this.fs, path);
										const source = /** @type {Buffer} */ (content).toString();
										const [imports] = lexer.parse(source);
										/** @type {Set<string>} */
										const added = new Set();
										for (const imp of imports) {
											try {
												// import.meta
												if (imp.d === -2) {
													continue;
												}

												/** @type {string | null} */
												const dependency =
													imp.n ||
													parseString(source.slice(imp.s, imp.e).trim());

												if (!dependency) {
													continue;
												}

												// We should not track Node.js build dependencies
												if (dependency.startsWith("node:")) continue;
												if (builtinModules.has(dependency)) continue;
												// Avoid extra jobs for identical imports
												if (added.has(dependency)) continue;

												push({
													type: RBDT_RESOLVE_ESM_FILE,
													context,
													path: dependency,
													expected: imp.d > -1 ? false : undefined,
													issuer: job
												});
												added.add(dependency);
											} catch (err1) {
												logger.warn(
													`Parsing of ${path} for build dependencies failed at 'import(${source.slice(
														imp.s,
														imp.e
													)})'.\n` +
														"Build dependencies behind this expression are ignored and might cause incorrect cache invalidation."
												);
												logger.debug(pathToString(job));
												logger.debug(/** @type {Error} */ (err1).stack);
											}
										}
									} catch (err2) {
										logger.warn(
											`Parsing of ${path} for build dependencies failed and all dependencies of this file are ignored, which might cause incorrect cache invalidation..`
										);
										logger.debug(pathToString(job));
										logger.debug(/** @type {Error} */ (err2).stack);
									}
									process.nextTick(callback);
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9633f51c5dca60ec Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2284
						this.fs.readFile(packageJson, (err, content) => {
							if (err) {
								if (err.code === "ENOENT") {
									resolveMissing.add(packageJson);
									const parent = dirname(this.fs, packagePath);
									if (parent !== packagePath) {
										push({
											type: RBDT_DIRECTORY_DEPENDENCIES,
											context: undefined,
											path: parent,
											expected: undefined,
											issuer: job
										});
									}
									callback();
									return;
								}
								return callback(err);
							}
							resolveFiles.add(packageJson);
							/** @type {JsonObject} */
							let packageData;
							try {
								packageData = JSON.parse(
									/** @type {Buffer} */
									(content).toString("utf8")
								);
							} catch (parseErr) {
								return callback(/** @type {Error} */ (parseErr));
							}
							const depsObject = packageData.dependencies;
							const optionalDepsObject = packageData.optionalDependencies;
							/** @type {Set<string>} */
							const allDeps = new Set();
							/** @type {Set<string>} */
							const optionalDeps = new Set();
							if (typeof depsObject === "object" && depsObject) {
								for (const dep of Object.keys(depsObject)) {
									allDeps.add(dep);
								}
							}
							if (
								typeof optionalDepsObject === "object" &&
								optionalDepsObject
							) {
								for (const dep of Object.keys(optionalDepsObject)) {
									allDeps.add(dep);
									optionalDeps.add(dep);
								}
							}
							for (const dep of allDeps) {
								push({
									type: RBDT_RESOLVE_DIRECTORY,
									context: packagePath,
									path: dep,
									expected: !optionalDeps.has(dep),
									issuer: job
								});
							}
							callback();
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3826a209781aa8cf Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:3676
		this.fs.readFile(path, (err, content) => {
			if (err) {
				if (err.code === "EISDIR") {
					this._fileHashes.set(path, "directory");
					return callback(null, "directory");
				}
				if (err.code === "ENOENT") {
					this._fileHashes.set(path, null);
					return callback(null, null);
				}
				if (err.code === "ERR_FS_FILE_TOO_LARGE") {
					/** @type {Logger} */
					(this.logger).warn(`Ignoring ${path} for hashing as it's very large`);
					this._fileHashes.set(path, "too large");
					return callback(null, "too large");
				}
				return callback(/** @type {WebpackError} */ (err));
			}

			const hash = createHash(this._hashFunction);

			hash.update(/** @type {string | Buffer} */ (content));

			const digest = hash.digest("hex");

			this._fileHashes.set(path, digest);

			callback(null, digest);
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a28a0736a0f71972 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:4419
			this.fs.readFile(packageJsonPath, (err, content) => {
				if (err) {
					if (err.code === "ENOENT" || err.code === "ENOTDIR") {
						// no package.json or path is not a directory
						this.fs.readdir(path, (err, elements) => {
							if (
								!err &&
								/** @type {string[]} */ (elements).length === 1 &&
								/** @type {string[]} */ (elements)[0] === "node_modules"
							) {
								// This is only a grouping folder e.g. used by yarn
								// we are only interested in existence of this special directory
								this._managedItems.set(path, "*nested");
								return callback(null, "*nested");
							}
							/** @type {Logger} */
							(this.logger).warn(
								`Managed item ${path} isn't a directory or doesn't contain a package.json (see snapshot.managedPaths option)`
							);
							return callback();
						});
						return;
					}
					return callback(/** @type {WebpackError} */ (err));
				}
				/** @type {JsonObject} */
				let data;
				try {
					data = JSON.parse(/** @type {Buffer} */ (content).toString("utf8"));
				} catch (parseErr) {
					return callback(/** @type {WebpackError} */ (parseErr));
				}
				if (!data.name) {
					/** @type {Logger} */
					(this.logger).warn(
						`${packageJsonPath} doesn't contain a "name" property (see snapshot.managedPaths option)`
					);
					return callback();
				}
				const info = `${data.name || ""}@${data.version || ""}`;
				this._managedItems.set(path, info);
				callback(null, info);
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e43ff42ed321457b Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:8
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3332f7e9d6409959 Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:1477
			const packageInfo = JSON.parse(fs.readFileSync(pkgPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53bb9383a59b12be Environment-variable access.
pkgs/npm/[email protected]/lib/config/defaults.js:2450
		(infrastructureLogging.stream).isTTY && process.env.TERM !== "dumb";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #474a0ce0530d31ac Filesystem access.
pkgs/npm/[email protected]/lib/dll/DllReferencePlugin.js:73
					(compiler.inputFileSystem).readFile(manifest, (err, result) => {
						if (err) return callback(err);
						/** @type {CompilationDataItem} */
						const data = {
							path: manifest,
							data: undefined,
							error: undefined
						};
						// Catch errors parsing the manifest so that blank
						// or malformed manifest files don't kill the process.
						try {
							data.data =
								/** @type {DllReferencePluginOptionsManifest} */
								(
									/** @type {unknown} */
									(parseJson(/** @type {Buffer} */ (result).toString("utf8")))
								);
						} catch (parseErr) {
							// Store the error in the params so that it can
							// be added as a compilation error later on.
							const manifestPath = makePathsRelative(
								compiler.context,
								manifest,
								compiler.root
							);
							data.error = new DllManifestError(
								manifestPath,
								/** @type {Error} */ (parseErr).message
							);
						}
						compilationData.set(params, data);
						return callback();
					});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9d8b18277d92377 Filesystem access.
pkgs/npm/[email protected]/lib/dll/LibManifestPlugin.js:137
								intermediateFileSystem.writeFile(targetPath, buffer, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5df03f467d42a1d3 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:63
				fs.readFile(this.options.path, (err, buffer) => {
					if (err) {
						if (err.code !== "ENOENT") {
							return callback(err);
						}
						return callback();
					}
					/** @type {JSONContent} */
					const json = JSON.parse(/** @type {Buffer} */ (buffer).toString());
					/** @type {Map<string, string | number | null>} */
					data = new Map();
					for (const key of Object.keys(json)) {
						data.set(key, json[key]);
					}
					dataChanged = false;
					return callback();
				});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcf5754bdb03aaa7 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:94
				fs.writeFile(this.options.path, JSON.stringify(json), callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e56deb939808318 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/FileUriPlugin.js:43
						loaderContext.fs.readFile(resourcePath, (err, result) => {
							if (err) return callback(err);
							loaderContext.addDependency(resourcePath);
							callback(null, result);
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63a197e9d67d6956 Environment-variable access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:496
			this.options.proxy || process.env.http_proxy || process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1766cc71f1247472 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:589
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									compilation.missingDependencies.add(lockfileLocation);
									return callback(err);
								}
								compilation.fileDependencies.add(lockfileLocation);
								compilation.fileSystemInfo.createSnapshot(
									compiler.fsStartTime,
									buffer ? [lockfileLocation] : [],
									[],
									buffer ? [] : [lockfileLocation],
									{ timestamp: true },
									(err, s) => {
										if (err) return callback(err);
										const lockfile = buffer
											? Lockfile.parse(buffer.toString("utf8"))
											: new Lockfile();
										lockfileCache = {
											lockfile,
											snapshot: /** @type {Snapshot} */ (s)
										};
										callback(null, lockfile);
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbdad35b94f6579f Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:693
							intermediateFs.writeFile(filePath, result.content, (err) => {
								if (err) return callback(err);
								callback(null, result);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43cf377363d8e922 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1202
									fs.readFile(filePath, (err, result) => {
										if (err) {
											if (err.code === "ENOENT") return doFetch();
											return callback(err);
										}
										const content = /** @type {Buffer} */ (result);
										/**
										 * Continue with cached content.
										 * @param {Buffer | undefined} _result result
										 * @returns {void}
										 */
										const continueWithCachedContent = (_result) => {
											if (!upgrade) {
												// When not in upgrade mode, we accept the result from the lockfile cache
												return callback(null, { entry, content });
											}
											return doFetch(content);
										};
										if (!verifyIntegrity(content, entry.integrity)) {
											/** @type {Buffer | undefined} */
											let contentWithChangedEol;
											let isEolChanged = false;
											try {
												contentWithChangedEol = Buffer.from(
													content.toString("utf8").replace(/\r\n/g, "\n")
												);
												isEolChanged = verifyIntegrity(
													contentWithChangedEol,
													entry.integrity
												);
											} catch (_err) {
												// ignore
											}
											if (isEolChanged) {
												if (!warnedAboutEol) {
													const explainer = `Incorrect end of line sequence was detected in the lockfile cache.
The lockfile cache is protected by integrity checks, so any external modification will lead to a corrupted lockfile cache.
When using git make sure to configure .gitattributes correctly for the lockfile cache:
  **/*webpack.lock.data/** -text
This will avoid that the end of line sequence is changed by git on Windows.`;
													if (frozen) {
														logger.error(explainer);
													} else {
														logger.warn(explainer);
														logger.info(
															"Lockfile cache will be automatically fixed now, but when lockfile is frozen this would result in an error."
														);
													}
													warnedAboutEol = true;
												}
												if (!frozen) {
													// "fix" the end of line sequence of the lockfile content
													logger.log(
														`${filePath} fixed end of line sequence (\\r\\n instead of \\n).`
													);
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);
													return;
												}
											}
											if (frozen) {
												return callback(
													new Error(
														`${
															entry.resolved
														} integrity mismatch, expected content with integrity ${
															entry.integrity
														} but got ${computeIntegrity(content)}.
Lockfile corrupted (${
															isEolChanged
																? "end of line sequence was unexpectedly changed"
																: "incorrectly merged? changed by other tools?"
														}).
Run build with un-frozen lockfile to automatically fix lockfile.`
													)
												);
											}
											// "fix" the lockfile entry to the correct integrity
											// the content has priority over the integrity value
											entry = {
												...entry,
												integrity: computeIntegrity(content)
											};
											storeLockEntry(lockfile, url, entry);
										}
										continueWithCachedContent(result);
									});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3cf3c87c6a2eb85 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1257
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #184660d3a77490d3 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1410
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									writeDone();
									return callback(err);
								}
								const lockfile = buffer
									? Lockfile.parse(buffer.toString("utf8"))
									: new Lockfile();
								for (const [key, value] of /** @type {LockfileUpdates} */ (
									lockfileUpdates
								)) {
									lockfile.entries.set(key, value);
								}
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a55d40b7e01a17a4 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1423
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72f1e476e5e3babc Filesystem access.
pkgs/npm/[email protected]/lib/util/fs.js:681
	fs.readFile(p, (err, buf) => {
		if (err) return callback(err);
		/** @type {JsonObject} */
		let data;
		try {
			data = JSON.parse(/** @type {Buffer} */ (buf).toString("utf8"));
		} catch (err1) {
			return callback(/** @type {Error} */ (err1));
		}
		return callback(null, data);
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

webpack-cli

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #6b6d29adfe3db09e Environment-variable access.
pkgs/npm/[email protected]/bin/cli.js:8
if (!process.env.WEBPACK_CLI_SKIP_IMPORT_LOCAL && require("import-local")(__filename)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f37b1a556fa6796 Environment-variable access.
pkgs/npm/[email protected]/lib/plugins/cli-plugin.js:47
            if (process.env.WEBPACK_CLI_START_FINISH_FORCE_LOG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80237790662b32f9 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:13
const WEBPACK_PACKAGE_IS_CUSTOM = Boolean(process.env.WEBPACK_PACKAGE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df63c76b2334efc3 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:15
    ? process.env.WEBPACK_PACKAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b985a9750e43117 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:17
const WEBPACK_DEV_SERVER_PACKAGE_IS_CUSTOM = Boolean(process.env.WEBPACK_DEV_SERVER_PACKAGE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fe15cc8f1d09dd4 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:19
    ? process.env.WEBPACK_DEV_SERVER_PACKAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5acbc59f5a1a2ce3 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:909
                helpWidth: typeof process.env.WEBPACK_CLI_HELP_WIDTH !== "undefined"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d9a0c6129d60508 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:910
                    ? Number.parseInt(process.env.WEBPACK_CLI_HELP_WIDTH, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0c240df7a97db8a Filesystem access.
pkgs/npm/[email protected]/lib/webpack-cli.js:2039
                    const source = await node_fs_1.default.promises.readFile(configFilePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcaa7bf0ae4354de Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:2364
                (process.env.NODE_ENV === "development" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2b0642012e9e6c5 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:2365
                    process.env.NODE_ENV === "production" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29b6001573081f5c Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:2366
                    process.env.NODE_ENV === "none")) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1392f1f28e6a4071 Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:2367
                configuration.mode = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2053c64a2797344d Environment-variable access.
pkgs/npm/[email protected]/lib/webpack-cli.js:2422
            process.env.NODE_ENV = options.configNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yorkie

npm dependency
expand_more 17 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #69e6d4315a4da420 Filesystem access.
pkgs/npm/[email protected]/__tests__/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0329cf1f10f1d5cd Filesystem access.
pkgs/npm/[email protected]/__tests__/index.js:24
  fs.writeFileSync(path.join(dir, filePath), data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #db81ea6c55af5992 Filesystem access.
pkgs/npm/[email protected]/__tests__/index.js:28
  return fs.readFileSync(path.join(dir, filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe967c7b2bbcb386 Environment-variable access.
pkgs/npm/[email protected]/bin/install.js:8
if (isCI && !process.env.HUSKY_IGNORE_CI && !process.env.YORKIE_IGNORE_CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b8c56741013ada5 Environment-variable access.
pkgs/npm/[email protected]/bin/install.js:13
if (process.env.HUSKY_SKIP_INSTALL || process.env.YORKIE_SKIP_INSTALL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d2dbcab9f6ba80d Environment-variable access.
pkgs/npm/[email protected]/bin/install.js:15
    `env variable HUSKY_SKIP_INSTALL is set to ${process.env
      .HUSKY_SKIP_INSTALL}, skipping Git hooks installation`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0786cd3ae1ad8bb Filesystem access.
pkgs/npm/[email protected]/src/install.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87a06ae6c9ee3da9 Filesystem access.
pkgs/npm/[email protected]/src/install.js:18
  fs.writeFileSync(filename, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #168b1f8d01d0ea98 Filesystem access.
pkgs/npm/[email protected]/src/runner.js:1
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae63db7cdcd513ce Filesystem access.
pkgs/npm/[email protected]/src/runner.js:6
const pkg = fs.readFileSync(path.join(cwd, 'package.json'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57eeb540c3a7bd05 Filesystem access.
pkgs/npm/[email protected]/src/uninstall.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d9c91c908fc30c Filesystem access.
pkgs/npm/[email protected]/src/utils/find-hooks-dir.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a0251f827f364f7 Filesystem access.
pkgs/npm/[email protected]/src/utils/find-hooks-dir.js:20
      const gitFileData = fs.readFileSync(gitDir, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ce77c08399fa6d Filesystem access.
pkgs/npm/[email protected]/src/utils/find-parent.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a2c0e30c39cccd7 Environment-variable access.
pkgs/npm/[email protected]/src/utils/get-hook-script.js:22
    const home = normalize(process.env.HOME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cf70ee8a141541d Filesystem access.
pkgs/npm/[email protected]/src/utils/is.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #995158ab74117888 Filesystem access.
pkgs/npm/[email protected]/src/utils/is.js:6
  return fs.readFileSync(filename, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @eslint/config-array prod — dist-only: no readable source
  • @eslint/config-helpers prod — dist-only: no readable source
  • @eslint/core prod — dist-only: no readable source
  • @eslint/plugin-kit prod — dist-only: no readable source
  • @humanwhocodes/retry prod — dist-only: no readable source
  • file-entry-cache prod — dist-only: no readable source
  • minimatch prod — dist-only: no readable source
  • eslint-plugin-regexp prod — dist-only: no readable source

Development

  • @arethetypeswrong/cli dev — dist-only: no readable source
  • @cypress/webpack-preprocessor dev — dist-only: no readable source
  • @eslint/json dev — dist-only: no readable source
  • @typescript-eslint/parser dev — dist-only: no readable source
  • eslint-plugin-eslint-plugin dev — dist-only: no readable source
  • glob dev — dist-only: no readable source
  • got dev — dist-only: no readable source