Close Open Privacy Scan
App Privacy Score
Low risk · 32 finding(s)
Dependency score: 97 (Low risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz External domains
day.js.org
</> First-Party Code
first-party (npm)
npm first-partyexpand_more 24 low-confidence finding(s)
process.env.NODE_ENV === "production"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(`${buildDir}/index.mjs`, indexMjsContent, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const pkg = JSON.parse(await fs.readFile("./package.json", "utf8"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(
"./build/package/package.json",
JSON.stringify(pkg, null, 2) + "\n",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
raw = fs.readFileSync(filePath, "utf8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs.writeFileSync(
filePath,
JSON.stringify(pkg, null, indent) + "\n",
"utf8",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if ((process.env["NODE_OPTIONS"] ?? "").includes("--loader ts-node"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env["NODE_OPTIONS"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.writeFile(filePath, content)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const file = await fs.readFile(filePath)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const packageJsonContents = await CommandUtils.readFile(
basePath + "/package.json",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await CommandUtils.readFile(
path.resolve(__dirname, "..", "package.json"),
),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.ORA_SDTZ = "UTC"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.PGTZ = "UTC"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const database = PlatformTools.readFileSync(
fileNameOrLocalStorageOrData,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await PlatformTools.writeFile(path, content)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
export { ReadStream } from "fs"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.readFileSync(filename)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return fs.promises.writeFile(path, data)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
import fs from "fs/promises"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
await fs.readFile(potentialPackageJson, "utf8"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
</> Dependencies
dayjs
npm dependencyexpand_more 2 low-confidence finding(s)
if (!process || process.env.NODE_ENV !== 'production') {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).dayjs_plugin_devHelper=t()}(this,(function(){"use strict";return function(e,t,s){if(!process||"production"!==process.env.NODE_ENV){var o=t.prototype,n=o.parse;o.parse=function(e){var t=e.date;return"string"==typeof t&&13===t.length&&console.warn("To parse a Unix timestamp like "+t+", you should pass it as a Number. https://day.js.org/docs/en/parse/unix-timestamp-milliseconds"),"number"==typeof t&&4===String(t).length&&console.warn("Guessing you may want to parse the Year "+t+", you should pass it as a String "+t+", not a Number. Otherwise, "+t+" will be treated as a Unix timestamp"),e.args.length>=2&&!s.p.customParseFormat&&console.warn("To parse a date-time string like "+t+" using the given format, you should enable customParseFormat plugin first. https://day.js.org/docs/en/parse/string-format"),n.bind(this)(e)};var a=s.locale;s.locale=function(e,t,o){return void 0===t&&"string"==typeof e&&(s.Ls[e]||console.warn("Guessing you may want to use locale "+e+", you have to load it before using it. https://day.js.org/docs/en/i18n/loading-into-nodejs")),a(e,t,o)};var i=o.diff;o.diff=function(e,t,o){return(!e||!s(e).isValid())&&console.warn("Invalid usage: diff() requires a valid comparison date as the first argument. https://day.js.org/docs/en/display/difference"),i.call(this,e,t,o)}}}}));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
debug
npm dependencyexpand_more 5 low-confidence finding(s)
r = process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let val = process.env[key];
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
process.env.DEBUG = namespaces;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
delete process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return process.env.DEBUG;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
yargs
npm dependencyexpand_more 1 low-confidence finding(s)
return process.env[key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- tinyglobby prod — dist-only: no readable source